How to deal with a data breach

The chances are that up to 9 in every 10 businesses will have a data breach in the next 12 months. Given that it's not a question of if but when, how will you deal with your data breach?

What is a data breach under GDPR?

According to the Information Commissioner's Office (ICO), a data breach is 'a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data'.

ICO figures show that 5 in every 6 data breaches are caused by human error; the remaining one is a cyber security breach.

Chances of a data breach

In a recent mini-survey we ran, over 80% of respondents said a data breach was their biggest worry, and their concern is well placed. In the first nine months after GDPR came into force, over 10,000 breaches were notified to the ICO - that's over 50 every working day!

A Data Privacy Benchmark Study carried out by Cisco earlier this year estimates that even in 'GDPR ready' businesses, the chance of having a data breach in the next 12 months is 74%. For less-prepared companies that increases to 89%. If between 7 and 9 in every 10 businesses are likely to have a data breach in the next year, you will be lucky to get through the period without one!

Responding to a data breach

You can greatly reduce the chance of a data breach by carrying out a comprehensive data protection impact assessment for all the personal data you handle and by training staff on their responsibilities. But there are four vital things to remember if you do experience a breach:

  1. Act quickly
    Your company is responsible for putting everything right, so act quickly to identify and stop the breach and limit the damage it causes.

  2. Identify the impact
    Assess the impact of the data breach and notify those whose personal data is compromised. Is the data breach serious enough to report to the ICO? If so, you must report it within 72 hours of discovering the breach.

  3. Prevent a further breach
    While you're putting things right after the breach, work out what you can do to prevent it happening again.

  4. Keep a breach record
    Keep a log of how you dealt with the data breach and how you'll prevent breaches in future. If the ICO are involved, they will want to see a healthy and realistic approach to managing all data breaches.

Guidance on handling data breaches

Astrid's online platform helps you define your breach identification and reporting process and includes a breach handbook to help you manage and track breach incidents as they develop. Subscribe today to access all the tools and guidance small businesses need to become and remain compliant with GDPR. We're offering IPSE members a special Summer discount: your first year's subscription is reduced from £225 down to £100! Use this link to sign up for your subscription now.

Meet the author

Gerrard Fisher

Founder and GDPR Implementation, Astrid Data Protection