Data breaches are now a daily occurrence. Last month, we reported that 143 million records had been leaked, and the month before that there were 199 million records leaked.
According to Ponemon Institute’s 2017 Cost of Data Breach Study, data breaches cost UK organisations an average of £2.48 million.
Breaches are also highly damaging to an organisation’s reputation and can result in loss of customer trust, job losses and regulatory fines.
The GDPR and data breaches
The General Data Protection Regulation (GDPR) is a new law that will be enforced from 25 May 2018 and will apply to all organisations that process EU residents’ personal data.
Under the Regulation, organisations must adopt appropriate policies, procedures and processes to protect the personal data they hold and ensure compliance.
Breaching the requirements of the new Regulation can result in fines of up to 4% of annual global turnover or €20 million (£17.8 million), whichever is greater.
How to prevent a data breach
Many businesses already understand the importance of having the right procedures in place to detect, report and investigate a data breach, but fewer know how to go about this effectively. The six steps below will help your organisation prevent a data breach in the first place:
- Find out where the personal data you hold resides.
- Identify the risks that could lead to a breach of that personal data.
- Apply the most appropriate measures (controls) to mitigate those risks.
- Implement the necessary policies and procedures to support the controls.
- Conduct regular tests and audits to make sure the controls are working as intended.
- Review, report and update your plans regularly.
ISO 27001 certification helps you achieve GDPR compliance
Certification to the international information security standard ISO 27001 can help you achieve these six steps and protect your other confidential company information.
By following ISO 27001 you will be able to implement adequate and effective security measures, based on the outcomes of a formal risk assessment, to comply with the GDPR.
The No 3 Comprehensive ISO 27001 ISMS Toolkit helps to accelerate your ISO 27001 project by providing you with:
- Official ISO 27000 standards;
- A complete set of easy-to-use, customisable and fully ISO 27001-compliant documentation templates, which will save you time and money;
- Easy-to-use dashboards and gap analysis tools to ensure complete coverage of the Standard;
- Direction and implementation guidance from expert ISO 27001 practitioners; and
- A risk assessment software tool to streamline the ISO 27001 risk assessment process.