A blog about GRC (Governance, Risk Management, and Compliance)

How to Handle a GDPR Breach

[fa icon="calendar"] Sunday, 08 May 2022 / by Jakob Holm Hansen

Has the organization done all it can to protect data subjects before, during, and after a security incident? This is essentially the question that both private and public organizations must ask themselves when defining accountability and imposing sanctions in the aftermath of
a personal data security breach

 

Our new white paper, GDPR - Handling Personal Data Security Breaches in Three Phases, considers the formal requirements for handling a personal data security breach in accordance with GDPR and sets out guidelines for the preparation and anchoring of appropriate contingency measures.

Treating Security Breaches According to the GDPR

When public and private organisations are required to comply with the requirements of the General Data Protection Regulation (GDPR), reminding ourselves of the purpose of the regulation may be a helpful step. For many years, some organisations have had a commercial interest in acquiring and storing personal data. Enforcement has been somewhat sporadic, to say the least, in cases where the organisations in this process are in breach of the legislation, and has therefore not served as a significant deterrent. The implementation of the GDPR will finally bring this practice to an end. In future, organisations must have a meaningful and objective purpose for acquiring personal data. They must store, protect, and delete this personal data in accordance with exacting security standards. Organisations must also be able to document everything they do. If they are unable to do so, organisations risk incurring serious fines.

It therefore also makes sense for GDPR to contain formal requirements regarding the way in which a personal data security breach must be handled. When an organisation acquires data concerning a data subject, the data is provided in confidence. When something goes wrong and there is a breach in this confidence, data subjects and the authorities acting on behalf of citizens may demand to know what has gone wrong and the measures that have been taken to ensure that it does not happen again.

This new white paper, GDPR - Handling personal data security breaches in three phases, reviews the requirements imposed in the EU GDPR. The white paper starts by defining what personal data is, the distinctions between the various types of security breaches, and the consequences that a personal data security breach could have for the data subject. The white paper then sets out recommendations for the establishment and anchoring of appropriate contingency measures, including fixed exercise routines and a process-based action plan in three phases.

 Download the guide

  

Emner: GDPR

GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts