Do you have a data breach notification plan?
Published on 03 Jul 2019
If your business were to experience a breach of personal customer data today, do you have a well-planned process to manage the notifications required by the applicable data privacy legislation?
GDPR requires that you notify the relevant bodies within 72 hours of first becoming aware of the issue. There are data privacy bodies in each member state and your DPO or person responsible for data protection needs to know who to notify and how to go about doing it.
Furthermore, in the event of an incident involving personal data, the business must be able to notify all affected individuals in a short time period, with the appropriate information. This could mean sending a series of messages to every one of your customers.
Are you adequately prepared to do that?
Our guru / expert's opinion:
To comply with the timelines for notifying the relevant bodies, you need to have the information on hand, as part of your incident management plan. Don’t be scrambling for contact details when the pressure is on.
When it comes to notifying thousands, or even millions, of affected individuals, it’s imperative to have a notification management plan that is agreed between all parties – marketing, IT, compliance and legal.
This plan must include:
- A schedule of events and actions, involving responsible parties
- A set of incident notification templates, pre-tested across devices
- The ability to quickly compile and segment a recipient list
- A pre-approved budget to execute your plan
- A platform that is ready and able to send millions of messages quickly, including the appropriate technical setup (SPF, DKIM, IP warming)
- Reporting to show that the messages were sent within the timeframe, including delivery details and evidence that you made every effort to get a message to each affected party
Don’t leave your data breach notification process to chance! Rather have it well mapped out, with pre-agreed time frames and responsibilities, as well as templates and adequate budget on standby.
Commercial Director, UK