What to do after a data breach (FREE download)

Share this

Cyber incidents can have devastating ramifications, including lost or stolen data, business interruption, reputational damage and costly non-compliance fines under the General Data Protection Regulation.

These potential consequences, combined with the rising dependence on technological solutions in the workplace, make it clear to organisations of all types and sizes that cyber-security should be a top priority. With the rapid adoption of remote working by many organisations during the Covid-19 pandemic, the risk of data breaches and other cyber-security issues has dramatically increased and many organisations have not reviewed their policies and procedures in line with the increased risk. 

A common reason the Information Commissioners' Office levies a fine or takes other action against an organisation is not simply because a data breach has occurred. Often the reason for punitive action is a lack of training, an absence of formalised policies and an organisation inappropriately dealing with the data breach by ignoring it, obfuscating it or not notifying the relevant authorities when this is called for. 

Detailed guidance on all matters relating to GDPR and PECR rules around data management is available on the ICO's website and it is recommended that all organisations have an appointed team member with the authority to enact policies, procedures and training in the organisation.

One of the core elements of your data management policies will be your procedures in the case of a cyber-security incident. 

Our cyber-insurance and cyber-risk management team have compiled a detailed data breach response policy template which is available to you free of charge and can be customised with the details of your organisation to provide an additional layer of protection. 

Please note, this document is for guidance only and must be adapted to your individual organisation's specific needs and approved by your own senior management and your legal counsel.