Data incidents, or personal data breaches, are the among the scariest things to happen to an organisation in the digital world. A personal data breach is essentially when personal data held by an organisation is accessed by someone that shouldn’t have, disclosed to someone it that shouldn’t have or destroyed or lost altogether.
Incidents can relate to hefty fines, reputational damage and personal distress for those involved. Organisations are required to report incidents to their data protection authority within 72 hours of becoming aware of the incident where it likely to pose a risk to the individuals concerned. Similarly, data subjects must be told without undue delay when the incident is likely to cause a high risk to their rights and freedoms.
Incidents create panic, especially when you don’t have the right expertise or resource in your organisation to deal with them properly. Thankfully, that’s where we can help you.
With us, we can help make sure that you have all the internal tools needed to deal with incidents appropriately, and that you are actively seeking ways to reduce the likelihood of incidents occurring in the first place. That means less stress, less likelihood of being fined and more time you can spend doing what your business needs to do.
We were contacted by an organisation who needed help after they had suffered from a few significant data breaches in a short space of time. They didn’t have a process for what they needed to do, they didn’t know why these incidents were happening and they didn’t have any internal knowledge of how to deal with a breach.
Once we were involved, we rapidly responded to investigate all the incidents in question. We got to the bottom of how the incidents happened, who they affected and how seriously it affected them, allowing them to make a decision on how best to proceed.
After the dust had settled, we got to work creating an incident policy and designing a process they can follow if an incident happens again. We also provided training and communication material to all staff to ensure that everyone was on the same page and knew what to do when an incident occurs.
Now, there is a smooth process for incidents, which are reported more regularly and much quicker. We still help out to investigate the incidents, reporting to the highest level of management with the findings of incidents and how we think they can improve their processes to avoid them happening again.
Get in touch with us today to book a free 30 minute consultation and find out how we can support you achieve compliance.
We provide a full data protection and information governance consultancy service to all our clients who engage with us. We provide flexible packages and services to make sure that you only pay for what you need, so you aren’t paying for unnecessary services. Whatever you and your organisation need, we are here to help.