What’s more, when reporting the breach you’ll need to explain how it could have been avoided – a sticky situation you won’t relish.
You can’t prevent a cyber attack from the beach, so get ready before you go. Our pick-and-mix security protection packages will provide a safety net and give you peace of mind. Act now to save money before you get burned.
Get #BreachReady today.
Many regulations, such as Qatar’s DPL (Data Privacy Law), the UAE’s Health Data Protection Regulation and DIFC Data Protection Law, and the EU’s GDPR (General Data Protection Regulation), require you to report information about a breach to a supervisory authority.
For example, the GDPR requires you to report certain types of personal data breach to your competent supervisory authority within 72 hours of discovery. You will know who your competent supervisory authority is if you’ve signed up to our GDPR EU – Representative service. If you’ve registered in the UK, it will be the ICO (Information Commissioner’s Office). You or your representative can report a breach by calling the ICO’s helpline or completing an online form.
Finding out what the breach is, who has been affected, how extensive it is and how it happened – all within 72 hours – is not easy, especially when you want to use this time to start repairing damage caused by the breach.
Reporting a breach to your GDPR supervisory authority:
Your reputation is on the line. How can IT Governance help?
The simple fact that no two organisations are ever the same means there can be no one-size-fits-all approach to the GDPR. IT Governance has a range of solutions to help you on your journey to developing a successful and secure organisation.
Assessing data that is affected
How many personal data records have been affected? How many data subjects could be affected?
The data flow audit service provides a thorough audit of the personal data in your organisation, and a data flow map that will help you identify where your data resides. This will help you to implement targeted measures to reduce the risk of an information security breach.
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.
Describing the impact
Explain the possible impact on data subjects. Was there any harm as a result of the breach?
Determining the likelihood and impact of a data breach is best done through a comprehensive information security risk assessment, enabling you to take appropriate action. Suitable for organisations of all sizes, vsRisk™ is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments.
Reporting on staff training and awareness
Did the staff member involved in the breach receive data protection training in the last two years?
This simple-to-use, interactive GDPR Staff Awareness E-learning Course for employees introduces the GDPR and the key compliance obligations for organisations. It aims to provide a complete foundation on the principles, roles, responsibilities and processes under the Regulation.
The interactive Information Security Staff Awareness E-learning course teaches employees about the most important elements of information security and aims to reduce the likelihood of human error by familiarising non-technical staff with security awareness policies and procedures.
Preventive measures and taking action to address the problem
Describe any measures you had in place to prevent a breach. Explain the actions you have taken, or propose to take, as a result of the breach. Where appropriate, include actions you have taken to fix the problem and to mitigate any adverse effects.
ISO 27001 is the world’s leading information security standard, trusted by thousands of organisations across the globe. These ISO 27001 implementation bundles consist of a specially formulated combination of bestselling tools, hands-on guidance and trusted resources that will help you implement an ISO 27001-compliant ISMS (information security management system) from start to finish.
Our penetration testing packages provide a complete security testing solution for your websites and IT systems. The fixed-cost packages are ideal for small and medium-sized organisations in the GCC (Gulf Cooperation Council) countries or those with no experience of security testing.
About you: oversight
Your supervisory authority will require you to identify the DPO (data protection officer) or senior person responsible for data protection in your organisation.
GDPR EU – Representative is a service for GCC organisations that do not have a suitable office or subsidiary with a physical presence in the EU. We can act as your point of contact for supervisory authorities and data subjects.
Why choose IT Governance?
- We have an in-depth understanding of regulations such as the GDPR and how they can best be met.
- We provide a complete compliance support service to help organisations prepare for and adapt to the GDPR.
- Our specialist team has extensive international data protection and information security management project expertise.