Hiding from GDPR & Data Breaches isn’t an option! 

Since the GDPR came into effect on 25th of May 2018 we have been inundated with requests from people asking theoretical questions around data breaches, and what they should do in reaction to a ‘so called’ breach that may have occurred. 
 
We are always happy to assist and apply our 25 years of specialist expertise within the areas of data management and cyber compliance to the GDPR, but what individuals and organisations are failing to understand is that transparency is key. 
 
By following an established process for the GDPR you can protect your organisation from: 
 
The possible consequences of a breach – these should have been foreseen and documented previously. Any unforeseen breaches must be added to the process as part of your GDPR journey to compliance. 
 
The fear of telling anyone, both internal and external to the organisation – the more transparent you are the better. All those involved should be made aware, so that nothing is hidden, no surprises! This is key to GDPR, proving you have followed process! 
 
Keeping quiet should not even be an option. A breach is serious, but it is also an opportunity to learn and use the processes in place that are protecting your organisation. It’s the process and how the breach is dealt with that evidences your part in being compliant in accordance with the law – this is your journey to GDPR compliance. 
 
Our Advice on a breach in accordance with GDPR 
Our advice on a possible data breach is - Honesty is always the best policy. 
 
The subsequent actions that you take will depend on the nature of the breach, which is determined at the time by: 
The type of data involved. 
The amount of data involved. 
Whether it was an accident, malicious or criminal. 
Has the breach been stemmed or is it ongoing. 
 
Furthermore, a policy together with processes should exist to determine “How Company data breaches” should be managed and how appropriate notifications to required staff, managers, customers and governing bodies should be made. GDPR is everyone’s responsibility. 
 
Keeping Quiet is not a solution 
We have been asked more times than we should:- 
 
"How would anyone find out if we didn’t say anything?" 
 
The very simple answer to this is “there is no guarantee to keeping quiet, it goes against what the GDPR is about.” 
 
The GDPR doesn’t penalise you for honesty, transparency, process and justified actions, but what it does penalise you for is keeping quiet, covering-up breaches, not following the law. 
A breach is like gossip, you never know who knows about it and what they are saying, therefore, the ability to keep a breach quiet is unlikely to be successful and comes with consequences that far outweigh an honest approach. 
 
Prevention is an option. 
Prevention is a much better option. As mentioned previously, the GDPR is everyone’s responsibility, that is why comprehensive GDPR/Cyber Compliance Training is essential, so that everyone can understand the part they play in responsibly protecting themselves, their jobs and their organisations. 
 
Comprehensive GDPR/Cyber Compliance Training will provide you with an understanding of:- 
GDPR. 
PECR (Privacy and Electronic Communication Regulation). 
The difference between GDPR and PECR. 
How Cyber Crime can affect your business. 
What Appropriate Measures are and why they are so important to implement. 
Compliance in relation to your individual organisation, and how you can start and build on this journey to meet the legal obligations required to help protect your business 
 
By attending appropriate training, it will also allow any organisation to identify all of their data:- 
Why they have it. 
Who has access to it. 
Who it’s shared with. 
 
A final word of the highest importance... 
By establishing and following a compliance journey you will minimise the impact, consequences and compliance issues in relation to any related to any data breaches. 
 
 
For further advice or to book training Click Here. We can also provide a full Data Analysis Check or Cyber security Check bespoke to your organisation, call: 02890 022344  
Share this post:

Leave a comment: 

For Impartial Advice 
JCBcs | 02890 022344 
Email Us | info@jcbcs.com 
 
 
Our site uses cookies. For more information, see our cookie policy. ACCEPT COOKIES MANAGE SETTINGS