Data Breach Management and GDPR
Many Information Security professionals believe that data breach is an inevitable outcome that organisations will experience - it's no longer a case of "IF" but "WHEN".
In recent times, there have been many high profile data breaches involving the compromise of personal data.
GDPR defines a Personal Data Breach as:
"a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed"
Many people associate the notion of a data breach with the image of an external party hacking into a company's systems to unlawfully access data.
However, according to recent Industry research, 58% of all data security incidents occurred within the organisation and were caused by an employee, ex-employee or trusted 3rd party.
GDPR stipulates that the Supervisory Authority (ICO) must be notified by the data controller (your organisation) without undue delay and no later than 72 hrs after having become aware of a personal data breach.
There are some limited exceptions to when a breach must be reported to the Supervisory Authority:
- If the data is encrypted and the key remains secure
- If the data becomes corrupted but there is a mechanism to restore instantaneously e.g. database systems
It is anticipated that personal data breaches put an organisation at risk of being issued significant fines by the ICO, with the knock-on effect of brand-damaging media attention and the reputational loss that could ensue.
PYXI for GDPR provides confidence to small businesses that, in the event of a personal data breach, they have the tools at their disposal to manage the Breach Notification process in a simple and efficient manner.
PYXI for GDPR Data Breach Management Software
The Data Breach Management dashboard gives clear visibility of the status of the current breaches that are in hand. PYXI for GDPR provides clear guidance for the next steps to take at each stage, and records the actions taken as part of the breach response.
More Detail about PYXI Software for GDPR
Keeping Track of Personal Data in your Organisation
Read more about how PYXI stores information about your Personal Data records for Article 30 here: Article 30 Record Keeping
Managing Subject Access Requests
Read about how we help you to manage Subject Access Requests in your organisation: GDPR Subject Access Requests
Managing Data Breaches for GDPR
Read how we help with managing Data Breaches for GDPR: GDPR Data Breach Management
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
Enforcement Notice For Not Responding To A Subject Access Request
Ainsworth Lord Estates Limited has been served an enforcement notice for not responding to a Subject Access Request. A Lancashire-based business, Ainsworth Lord Estates Limited, has been served an Enforcement Notice by the Information Commissioner... click to read more