The General Data Protection Regulation (GDPR), the framework that requires businesses to protect the personal data and privacy of European Union citizens, is now in full force. However, some reports state that up to 60 percent of businesses are still not prepared to comply, mostly because of challenges understanding data privacy and how to correctly report and manage data breaches.
Reporting Data Breaches – The 72-Hour Countdown
Under GDPR requirements, businesses only have 72 hours to collect all related data and report the breach to the relevant regulator. This is a significant task for any company and requires the development of a comprehensive containment policy.
Within 72 hours of the data breach, the organization should:
- Carry out an investigation
- Inform regulators and individuals of the breach
- Be clear concerning the impact of the violation
- Explain how the issue will be dealt with
Bear in mind that if the company misses the 72-hour window, GDPR requires the controller to give the regulator reasons for the delay, which adds further disruption to regular business operations and more administrative burden.
Meeting GDPR Data Breach Requirements
Identify Suspicious Access
To detect a data breach, companies need to answer the question of whether or not their data has actually been accessed, and if the access is genuinely suspicious. Businesses need to have full knowledge of what users are doing with company data, so they don’t miss the key context associated with a breach.
Identifying suspicious access can be challenging, as companies have to provide employees with access to data to perform their job. The solution lies in deploying appropriate policy, process, and technologies to help determine authorized data access and detect anything that might be malicious.
Categorize Real Incidents
This is where companies need database monitoring technology, data access processes, and analytics the most. With them, security teams can shorten the time it takes to investigate potential breaches, because they extract the real, actionable, high-value events from billions of data access events. Trying to accomplish this without technology means greater cost, greater risk, and heavier use of resources.
Monitor & Log Activity
When it comes to complying with the 72-hour rule, monitoring is critical. Businesses need to monitor data access continuously and record every event in a log, which also serves as evidence of best efforts in the event of a data breach.
By continuously and efficiently controlling and logging all data access, companies can establish exactly what was compromised and by whom, which reduces investigation time and speeds compliance with the 72-hour requirement.
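The following is an added example written for this article, not code from the original page or from any vendor product. It shows the three steps above end to end in miniature: a batch of constructed database audit-log lines is parsed, a few detection rules separate candidate breach events from routine access (a role reading a table it is not authorised for, a bulk read above a row threshold, and access outside business hours), and the surviving alerts are grouped into per-user incident records that carry the GDPR 72-hour notification deadline. The log format, the role-to-table authorisation matrix, the 10,000-row bulk threshold and the 07:00 to 19:59 UTC business-hours window are all assumptions chosen for the example.

```python
"""Triage of database access logs into candidate breach events.

Added example for this article (not code from the original page). The log
format, role matrix and thresholds below are assumptions for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed sample audit-log lines: "timestamp user role operation table rows".
SAMPLE_LOG = """\
2023-05-02T09:14:05Z alice analyst SELECT orders    120
2023-05-02T09:20:41Z alice analyst SELECT customers 25000
2023-05-02T10:02:13Z bob   support SELECT customers 3
2023-05-02T23:47:59Z bob   support SELECT customers 40
2023-05-03T02:11:07Z carol devops  SELECT payroll   900
2023-05-03T11:30:00Z dave  hr      SELECT payroll   50
"""

# Assumed authorisation matrix: which tables each role may read.
ROLE_ACCESS: Dict[str, Set[str]] = {
    "analyst": {"orders"},
    "support": {"customers"},
    "devops": set(),
    "hr": {"payroll"},
}
BULK_ROW_THRESHOLD = 10_000        # assumed: reads at or above this are "bulk"
BUSINESS_HOURS = range(7, 20)      # assumed: 07:00-19:59 UTC is normal working time
NOTIFICATION_WINDOW = timedelta(hours=72)  # GDPR Article 33 notification deadline


@dataclass
class AccessEvent:
    ts: datetime
    user: str
    role: str
    op: str
    table: str
    rows: int


@dataclass
class Alert:
    event: AccessEvent
    reason: str


@dataclass
class Incident:
    user: str
    first_seen: datetime
    notify_by: datetime
    tables: Set[str] = field(default_factory=set)
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[AccessEvent]:
    """Parse whitespace-separated audit lines into events (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, op, table, rows = line.split()
        events.append(AccessEvent(
            ts=datetime.fromisoformat(ts.replace("Z", "+00:00")),
            user=user, role=role, op=op, table=table, rows=int(rows)))
    return events


def detect(events: List[AccessEvent]) -> List[Alert]:
    """Apply the three detection rules; one event may raise several alerts."""
    alerts = []
    for ev in events:
        if ev.table not in ROLE_ACCESS.get(ev.role, set()):
            alerts.append(Alert(ev, f"role '{ev.role}' not authorised for table '{ev.table}'"))
        if ev.rows >= BULK_ROW_THRESHOLD:
            alerts.append(Alert(ev, f"bulk read of {ev.rows} rows from '{ev.table}'"))
        if ev.ts.hour not in BUSINESS_HOURS:
            alerts.append(Alert(ev, "access outside business hours"))
    return alerts


def build_incidents(alerts: List[Alert]) -> Dict[str, Incident]:
    """Group alerts by user; the earliest alert starts the 72-hour countdown."""
    incidents: Dict[str, Incident] = {}
    for a in sorted(alerts, key=lambda a: a.event.ts):
        inc = incidents.get(a.event.user)
        if inc is None:
            inc = Incident(a.event.user, a.event.ts, a.event.ts + NOTIFICATION_WINDOW)
            incidents[a.event.user] = inc
        inc.tables.add(a.event.table)
        inc.reasons.append(a.reason)
    return incidents


def hours_remaining(inc: Incident, now: datetime) -> float:
    """Hours left before the regulator must be notified (negative if overdue)."""
    return (inc.notify_by - now).total_seconds() / 3600


def triage(text: str) -> Dict[str, Incident]:
    """Run the full pipeline: parse, detect, group."""
    return build_incidents(detect(parse_log(text)))


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOG).values():
        print(f"{inc.user}: first seen {inc.first_seen.isoformat()}, "
              f"notify regulator by {inc.notify_by.isoformat()}, tables {sorted(inc.tables)}")
        for r in inc.reasons:
            print(f"  - {r}")
```

In practice the rules would be driven by the organisation's own access policy and the row threshold tuned per table, but the structure is the point: the full log is kept as evidence, only the rule hits are escalated for human review, and every incident record already states the date by which the regulator must hear about it.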
Have all this information at hand, discuss it with your security team, and implement the necessary administrative and technical controls to ensure an appropriate level of security. If you need to consult third-party experts, just drop us a line. We can help you monitor these risks and implement the accompanying controls to ensure they’re effective and they show any changes in the data or associated threats and vulnerabilities.