In the GDPR a personal data breach is defined as a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
What does all that mean? It means that a data breach is more than just having your systems hacked and data stolen. It means that a data breach can happen at any point to any organisation.
Some examples of a breach might include the loss or theft of hard copy notes, USB drives, computers or mobile devices; an unauthorised person gaining access to a laptop, email account or computer network; or sending an email containing personal data to the wrong person.
It is possible for any organisation that holds personal data to have a data breach. So, all organisations should have a process in place for dealing with a data breach.
How to prepare your organisation for a Data Breach
- Ensure staff dealing with personal data know how to recognise a data breach.
- Implement a clear Data Breach policy and procedure.
- Implement a Data Breach team, ensure that everyone knows their responsibilities, appoint a team leader.
- Ensure that staff know how and when to escalate a security issue, so that it can be determined whether a data breach has taken place.
- Implement a clear risk assessment strategy.
- Know when to inform any individuals who have been affected and when to contact the ICO.
- Ensure all data breaches are documented.
A data breach can be extremely detrimental to any organisation. It not only means loss of data, but it also causes loss of trust within your customer base, and in today’s world of social media news travels fast. This causes reputational damage and will affect both current and future customers.
You can download our free white paper on Managing a Data Breach here
For advice on training and dealing with a data breach please do contact us and we will be happy to help.