With the recent implementation of the GDPR, business owners and managers have heard plenty about data security, and the potential financial penalties of a data breach. For many business owners, a data breach is unthinkable, but according to a 2017 government report, almost half of all UK businesses suffered some form of breach in the preceding year.
Would you know what steps to take if the worst should happen? Read on to learn what to do if your company falls victim to a data breach.
Ensure Regulatory Compliance
The first thing you should do after learning that your organisation has suffered a data breach is to refer to the ICO’s GDPR guidelines.
These stipulate that all organisations must report ‘certain types of personal data breach to the relevant supervisory authority’. This must be done ‘within 72 hours of becoming aware of the breach, where feasible.’
The ICO’s guidelines also stipulate that if the breach is likely to adversely affect ‘individuals’ rights and freedoms’, then you must inform said individuals immediately.
It is also imperative that you keep an accurate record of any data breaches that your organisation has suffered, for legal and auditing purposes. The ICO dictate that you must do this regardless of whether you have been required to notify either your customers or clients, or the relevant supervisory authority.
When you have taken the difficult but necessary steps to make your customers and the relevant authorities aware that you have suffered a data breach, it’s time to redouble your security efforts. Customer trust will be seriously damaged in the event of a data breach, and it’s vital that your company speaks with action, not words, by doing everything in your power to ensure that your data is never breached again.
IT security company, Trend Micro, recommend that businesses redesign their entire security infrastructure following a data breach, to protect against potential insider threats, as well as external hackers. Vigilance is key, and no expense should be spared when it comes to increasing security throughout your company post-breach.
When you are confident that the wheels are in motion to protect against future breaches, and that all people who need to be legally made aware of the breach have been notified, it’s time to go into damage control. It is an unfortunate fact that data breaches pose an existential threat to many businesses. Quite aside from the potential financial penalties, and the loss of revenue caused by downtime, the reputational damage that a company faces in the wake of a data breach can be catastrophic.
This means that how you respond to the news of the breach is crucial. The absolute minimum that a breached organisation should do is to send out an email to all customers and interested parties, accepting responsibility, explaining how the breach occurred, and offering reassurances that steps are being taken to ensure that this will not happen again. If you have the resources, and the breach has been particularly severe, it may even be worth considering opening a temporary call center to deal with questions from concerned customers.
To ensure that the data on your IT assets remains secure beyond its natural life-cycle, it is imperative for your organisation to invest in a reliable IT asset disposal vendor. With over 25 years’ industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.