How to deal with a data breach

A Data Privacy Benchmark Study carried out by Cisco earlier this year estimates that even in ‘GDPR ready’ businesses, the chances of having a data breach in the next 12 months is 74%. For less-prepared companies that increases to 89%. If between 7 and 9 in every 10 businesses are likely to have a data breach in the next year, you will be lucky to get through the period without one!

Responding to a data breach

You can greatly minimise the chance of a data breach by carrying out a comprehensive data protection impact assessment for all the personal data you handle and training staff on their responsibilities. But there are four vital things to remember if you do experience a breach:

1. Act quickly Your company is responsible for putting everything right so act quickly to identify and stop the breach to limit the damage the beach causes.
   
   
2. Identify the impact Assess the impact of the data breach and notify those whose personal data is compromised. Is the data breach serious enough to report to the ICO? If so, you must report it within 72 hours of discovering the breach.
   
   
3. Prevent a further breach While you're putting things right from the breach, work out what you can do to prevent it happening again.
   
   
4. Keep a breach record Keep a log of how you dealt with the data breach and how you'll prevent them in future. If the ICO are involved they will want to see a healthy and realistic approach to managing all data breaches.
   
   

Guidance on handling data breaches

Astrid’s online platform helps you define your breach identifying and reporting process and includes a breach handbook to help you manage and track breach incidents as they develop. Subscribe today to access all the tools and guidance small businesses need to become and remain compliant with GDPR.