How To Deal With A Data Protection Breach

Cyber security is a major issue for corporations around the world that hold the personal data of customers and clients. Cyber attacks affect small and large organisations across most industries, including ecommerce, technology, airlines, finance and healthcare, to name just a few.

If your company suffers a data breach, how should you deal with it? With the introduction of the GDPR, there are set guidelines on how to properly manage a data breach.

What is the GDPR?

According to Donegal data breach solicitor Conor McLaughlin & Associates, the GDPR totally revamps data legislation across Europe and is designed to:

  • Harmonise data privacy laws across Europe;
  • Protect and empower all EU citizens in terms of their data privacy;
  • Severely penalise those who commit personal data breaches; and
  • Reshape the way businesses control and/or process EU citizens' personal data.

According to Conor McLaughlin & Associates, the GDPR provides for significant penalties for Data Controllers and Data Processors in the event of a data breach, i.e. a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

How do hackers steal personal data?

There are many ways in which hackers can steal personal data.

  • Not Using Proper Firewall Infrastructure – A network firewall creates a barrier between a trusted and an untrusted network. Without a firewall, your network is at risk of a malicious cyber attack.
  • Phishing – Many online scams like phishing rely on human error. This happens when an employee opens an email that looks legitimate and downloads content included in the email. The hacker uses this as an entry point to the system and proceeds to gather personal information and/or install malicious software such as ransomware.

Company Data Has Been Breached, What Do I Do?

If your organisation has had the misfortune of suffering a data breach, you must first:

Inform your Data Protection Officer

Under the GDPR, you must inform your Data Protection Officer of a breach in your organisation.

Having talked to a representative of Conor McLaughlin & Associates, it is recommended at this stage to contact your data breach solicitor for assistance.

Review The Impact Of The Data Breach

The next important step is to review the total impact of the data breach including:

  • Establishing how the breach happened
  • Establishing what data was taken by the hacker
  • Establishing whether ransomware is installed in the IT network infrastructure
  • Establishing how many customers/clients have been impacted as a result of the data breach

Notify Your Data Protection Authority

The next step is to have your Data Protection Officer contact the data protection authority to disclose the extent of the data breach.

Implement Measures To Prevent Reoccurrence

If your organisation has been affected by a data breach, you need to carry out the changes needed to fix the vulnerabilities in your IT infrastructure and prevent this from happening again.
