Hiding isn't an option
Posted on 7th January 2019 at 15:33
Hiding from GDPR & Data Breaches isn’t an option!
Since the GDPR came into effect on 25th of May 2018 we have been inundated with requests from people asking theoretical questions around data breaches, and what they should do in reaction to a ‘so called’ breach that may have occurred.
We are always happy to assist and apply our 25 years of specialist expertise within the areas of data management and cyber compliance to the GDPR, but what individuals and organisations are failing to understand is that transparency is key.
By following an established process for the GDPR you can protect your organisation from:
The possible consequences of a breach – these should have been foreseen and documented previously. Any unforeseen breaches must be added to the process as part of your GDPR journey to compliance.
The fear of telling anyone, both internal and external to the organisation – the more transparent you are the better. All those involved should be made aware, so that nothing is hidden, no surprises! This is key to GDPR, proving you have followed process!
Keeping quiet should not even be an option. A breach is serious, but it is also an opportunity to learn and use the processes in place that are protecting your organisation. It’s the process and how the breach is dealt with that evidences your part in being compliant in accordance with the law – this is your journey to GDPR compliance.
Our Advice on a breach in accordance with GDPR
Our advice on a possible data breach is simple: honesty is always the best policy.
The subsequent actions that you take will depend on the nature of the breach, which is determined at the time by:
The type of data involved.
The amount of data involved.
Whether it was an accident, malicious or criminal.
Whether the breach has been stemmed or is still ongoing.
Furthermore, a policy together with supporting processes should exist to determine how company data breaches are to be managed, and how the appropriate notifications to required staff, managers, customers and governing bodies are to be made. GDPR is everyone’s responsibility.
Keeping Quiet is not a solution
We have been asked, more times than we should have been:
"How would anyone find out if we didn’t say anything?"
The very simple answer to this is: “there is no guarantee in keeping quiet, and it goes against what the GDPR is about.”
The GDPR doesn’t penalise you for honesty, transparency, following process and taking justified actions; what it does penalise you for is keeping quiet, covering up breaches and not following the law.
A breach is like gossip: you never know who knows about it and what they are saying. The attempt to keep a breach quiet is therefore unlikely to succeed, and it comes with consequences that far outweigh those of an honest approach.
Prevention is an option.
Prevention is a much better option. As mentioned previously, the GDPR is everyone’s responsibility, that is why comprehensive GDPR/Cyber Compliance Training is essential, so that everyone can understand the part they play in responsibly protecting themselves, their jobs and their organisations.
Comprehensive GDPR/Cyber Compliance Training will provide you with an understanding of:
PECR (Privacy and Electronic Communication Regulation).
The difference between GDPR and PECR.
How Cyber Crime can affect your business.
What Appropriate Measures are and why they are so important to implement.
Compliance in relation to your individual organisation, and how you can start and build on this journey to meet the legal obligations required to help protect your business.
Attending appropriate training will also allow any organisation to identify all of its data and establish:
Why they have it.
Who has access to it.
Who it’s shared with.
A final word of the highest importance...
By establishing and following a compliance journey you will minimise the impact, consequences and compliance issues arising from any data breaches.