Data Breach Management and GDPR

Many information security professionals believe that a data breach is an inevitable outcome that organisations will experience - it's no longer a case of "IF" but "WHEN".

In recent times, there have been many high-profile data breaches involving the compromise of personal data.

GDPR defines a Personal Data Breach as:

"a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed"

Many people associate the notion of a data breach with the image of an external party hacking into a company's systems to unlawfully access data.

However, according to recent industry research, 58% of all data security incidents occurred within the organisation and were caused by an employee, ex-employee or trusted third party.

GDPR stipulates that the Supervisory Authority (ICO) must be notified by the data controller (your organisation) without undue delay and no later than 72 hours after the controller has become aware of a personal data breach.

There are some limited exceptions to when a breach must be reported to the Supervisory Authority:

  • If the data is encrypted and the key remains secure
  • If the data becomes corrupted but there is a mechanism to restore it instantaneously, e.g. database systems

It is anticipated that personal data breaches put an organisation at risk of being issued significant fines by the ICO, with the knock-on effect of brand-damaging media attention and the reputational loss that could ensue.

PYXI for GDPR provides confidence to small businesses that, in the event of a personal data breach, they have the tools at their disposal to manage the Breach Notification process in a simple and efficient manner.

PYXI for GDPR Data Breach Management Software

The Data Breach Management dashboard gives clear visibility of the status of the current breaches that are in hand. PYXI for GDPR provides clear guidance for the next steps to take at each stage, and records the actions taken as part of the breach response.

Sign up now for PYXI for GDPR - only £19+VAT per month.

More Detail about PYXI Software for GDPR

Keeping Track of Personal Data in your Organisation

Read more about how PYXI stores information about your Personal Data records for Article 30 here: Article 30 Record Keeping

Managing Subject Access Requests

Read about how we help you to manage Subject Access Requests in your organisation: GDPR Subject Access Requests

Managing Data Breaches for GDPR

Read how we help with managing Data Breaches for GDPR: GDPR Data Breach Management