The majority of respondents to our first EU General Data Protection Regulation (GDPR) Report have implemented or are implementing a data breach notification procedure and incident response plan. According to the report:
- 33.1% already have a data breach notification procedure in place;
- 43.1% are taking the necessary steps; and
- 23.8% don’t have a procedure in place.
Organisations are doing even better at implementing incident response plans. Almost half (48.5%) already have a plan in place, and 35.3% are implementing one.
The report surveyed 250 of our clients and is intended to provide practitioners and senior management with insights into how organisations are progressing with GDPR compliance, the challenges they face and the measures they are adopting.
Reporting data breaches
The GDPR (Article 4(12)) defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Organisations must notify the supervisory authority of a breach unless it is unlikely to result in a risk to the rights and freedoms of individuals. Such risks include physical, material or non-material damage, for example discrimination, identity theft or fraud, reputational damage or financial loss. Where the breach is likely to result in a high risk to individuals, the affected data subjects must also be informed without undue delay.
The GDPR requires that notifiable breaches be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of the organisation becoming aware of the breach; a later notification must be accompanied by the reasons for the delay.
How to comply with the GDPR
Since early 2016, IT Governance has continually worked to raise client awareness of the GDPR through free resources, webinars, blogs, training courses, books and other media. You can compare your organisation’s GDPR preparations with our average client by downloading our free GDPR Report.
Organisations looking for help implementing the Regulation’s requirements should take a look at our EU GDPR Documentation Toolkit. Designed and developed by expert GDPR practitioners, our toolkit provides all the templates, worksheets and policies you need to achieve compliance.
With this toolkit, you can:
- Get professional guidance on GDPR compliance obligations and personal information best practice;
- Make sure you have adequately identified risks to personal data and can put in place the necessary controls to protect it;
- Embed the documentation into your organisation quickly and easily by using the pre-formatted templates; and
- Integrate GDPR documentation with your ISO 27001 documentation, reducing duplication.