Breach Management is equally important.
Yes, organisational awareness and a Data Governance Framework are important steps in the journey towards GDPR compliance; however, with cyber-attacks increasing, an organisation must also look at Breach Management. It is no longer a question of "if" you are breached but "when". Incident response planning is therefore critical, not only for GDPR compliance but as basic cyber security hygiene.
Under the GDPR, breach notification becomes mandatory for all organisations where a data breach is likely to result in a risk to individuals' rights and freedoms. This must be done within 72 hours of first becoming aware of the breach. Data processors are responsible for notifying controllers "without undue delay" after becoming aware of a data breach.
The statement above does not explicitly say that organisations need an incident response plan; however, to meet the 72-hour notification deadline, an organisation must be able to detect a breach within its network quickly.
The GDPR strongly encourages incident and breach response capabilities. The following high-level GDPR requirements relate directly to incident response:
- Timely Notification
- Breach Response process and plan
- Impacted individual notification plan
- Breach Detection Plan
- Effective Incident Response Plan
- Communication Strategy
- Incident Response Structure: internally or MSSP
Organisations will need to implement an effective incident response framework to contain the damage in the event of a data breach and to prevent future incidents. The speed at which you detect a breach, stop the spread of malware, block further access to data and remediate the threat makes a significant difference to the risk, cost and data exposure of an incident.
Not only the GDPR but also the major cyber security standards call for a Breach Management/Incident Response Plan. International information security standards such as ISO 27001, ISO 22301 and PCI DSS, among many others, require organisations to develop a security incident management strategy.
A cyber incident is no longer just an IT and infosec problem but a business problem. Senior management and business executives must understand the crucial role they play in the incident management and breach readiness lifecycle, must know the what, why, where, how and when of a cyber attack, and must be able to deal effectively with all of its aspects. A successful, well-drilled incident response framework requires collaboration across the business.