What’s more, when reporting the breach you’ll need to explain how it could have been avoided – a sticky situation you won’t relish.
You can’t prevent a cyber attack from the beach, so get ready before you go. Our pick-and-mix security protection packages will provide a safety net and give you peace of mind. Act now and save money before you get burnt.
Get #BreachReady today.
The EU GDPR (General Data Protection Regulation) requires all data controllers to report certain types of personal data breaches to the ICO (Information Commissioner’s Office). You must do this within 72 hours of becoming aware of the breach where feasible.
You can report breaches either by calling the ICO’s helpline or by completing an online personal data breach report.
Finding out what the breach is, who has been affected, how extensive it is and how it happened within 72 hours is not easy — especially when organisations want to use this time to start fixing damage caused by the breach.
Your reputation is on the line. How can IT Governance help?
The simple fact that no two organisations are ever the same means there can be no one-size-fits-all approach to the GDPR. To help you develop a successful and secure organisation, IT Governance has developed three SPF (Security Protection Factor) offers to align with your business requirements and budget.
What happened and how did it happen?
Quickly respond to any cyber incident with a cyber incident response programme, enabling you to effectively prepare for, respond to and follow up after any data breach. The cyber incident response management service is based on ISO/IEC 27035:2016 and the best-practice cyber security incident response framework developed by CREST.
Assessing data that is affected
How many personal data records have been affected? How many data subjects could be affected?
The data flow audit service provides a thorough audit of the personal data in your organisation, and a data flow map that will help you identify where your data resides. This will help you to implement targeted measures to reduce the risk of an information security breach.
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.
Describing the impact: potential consequences
Explain the possible impact on data subjects. Was there any harm as a result of the breach?
Determining the likelihood and impact of a data breach is best done through a comprehensive information security risk assessment, enabling you to take appropriate action. Suitable for organisations of all sizes, vsRisk™ is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessment.
Reporting on staff training and awareness
Did the staff member involved in the breach receive data protection training in the last two years?
This simple-to-use, interactive GDPR staff awareness e-learning course for employees introduces the GDPR and the key compliance obligations for organisations. It aims to provide a complete foundation on the principles, roles, responsibilities and processes under the Regulation.
The interactive information security staff awareness e-learning course teaches employees about the most important elements of information security, and aims to reduce the likelihood of human error by familiarising non-technical staff with security awareness policies and procedures.
This unique GDPR training programme provides a comprehensive introduction to the requirements of the GDPR, and a practical guide to planning, implementing and maintaining a GDPR compliance programme.
Preventive measures and taking action. Addressing the problem
Describe any measures you had in place to prevent a breach of this nature.
Explain the actions you have taken, or propose to take, as a result of the breach. Where appropriate, include actions you have taken to fix the problem and to mitigate any adverse effects.
ISO 27001 is the world’s leading information security standard, trusted by thousands of organisations. These ISO 27001 implementation bundles consist of a specially formulated combination of bestselling tools, hands-on guidance and trusted resources that will help you implement an ISO 27001-compliant ISMS (information security management system) from start to finish.
With prices starting from as little as £300, the Cyber Essentials scheme provides organisations with a cost-effective assurance mechanism to help reduce risk and demonstrate that the most important basic cyber security controls have been implemented.
Our penetration testing packages provide a complete security testing solution for your websites and IT systems. The fixed-cost packages are ideal for small and medium-sized organisations, or those with no prior experience of security testing.
About you: oversight
The ICO requires you to identify the DPO (data protection officer) or senior person responsible for data protection in your organisation.
DPO as a service is a practical and cost-effective solution for organisations that don’t have the data protection expertise and knowledge to fulfil their DPO obligations under the GDPR.
Why choose IT Governance?
- We have an in-depth understanding of the GDPR's requirements and how they can best be met.
- We provide a complete compliance support service to help organisations prepare for and adapt to the GDPR.
- Our specialist team has extensive data protection and information security management project expertise, both in the UK and internationally.
Terms and conditions:
Our offer is available only through www.itgovernance.co.uk or by contacting our customer service team on email@example.com or +44 (0)333 800 7000 until 31 August 2018. The following terms apply:
- This offer cannot be used in conjunction with any other offer.
- The discounts in our offer are applicable as follows:
  - 10% discount applicable on purchases between £5,000 and £14,999 (excluding VAT and shipping).
  - 15% discount applicable on purchases between £15,000 and £29,999 (excluding VAT and shipping).
  - 20% discount applicable on purchases £30,000 and above (excluding VAT and shipping).
- The offer is available only on the products listed on this page: www.itgovernance.co.uk/data-breach-reporting.
- IT Governance operates on a first come, first served basis for training course and consultancy offerings.
- IT Governance reserves the right to remove products and services from the offer, subject to the availability of trainers and consultants. Any refunds through Service Centre will take into account the above discount.
- We reserve the right to terminate this offer earlier than the date stated in this advertisement.