Personal data breaches for GDPR compliance: everything you need to know 

Dan May talks us through some practical considerations to ensure you avoid the confusion

by Sue Whitbread
January 7, 2021
in News

After a year of disruption, the growing pains of cybercrime are gradually becoming more of a nuisance, and a drama, for businesses, says Dan May, Commercial Director at @ramsac_ltd.

With swells of information and practical resources online, it may be easier to identify a crime, but it’s not always obvious what the proper response or sanction should be. When it comes to data protection and operational compliance, authorities like the Information Commissioner’s Office, or ICO, have all noticed a pattern of confusion surrounding incident management. Businesses, apparently, aren’t sure how they can combat cybercrime.

The Information Commissioner’s Office recently revealed that nearly a third of the total 500 reports of data breaches are unnecessary, entirely redundant, or fail to meet the minimum threshold of a GDPR personal data breach. This comes as many firms attempt to ready themselves for changing GDPR (General Data Protection Regulation) compliance; with this evolving compliance, there is a growing level of shared misunderstanding when it comes to appropriate incident management under data protection regulation.

One growing trend, ‘over-reporting’, is perhaps the most common reaction to perceived breaches against a company. Whilst this is mostly driven by honesty and transparency, clearing up misconceptions surrounding GDPR and data breaches should help businesses remain competitive by avoiding risky or costly penalties.

Identifying breaches

Over-reporting is not a strategy. It’s the height of this confusion: a scattered reaction, or a misunderstanding about how to control a data breach. Under GDPR compliance, which covers European territories and beyond, it is a matter of strictest compliance to officially report compromises to your stored data. Reporting is considerably more than a courtesy to your employees: it can regulate the collection, movement, and storage of personal information, which can thwart cybercrime.

As captured by the General Data Protection Regulation, a personal data breach can be understood as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” (captured in Article 4, definition 12).

Importantly, not all ‘breaches’ are equal in severity. Therefore, not every incident needs to be officially reported. For any compromise that falls outside of the above definition, or where the severity represents a low risk, action isn’t required. The goal for businesses should be clarifying whether action is officially required or not for each breach scenario.

It is good practice to evaluate incidents and cases individually. Start by determining the next actions based on the severity, or compromise, of each breach. Some breaches may only affect or inconvenience the role of a single employee, whereas larger compromises can impact so much more.

Any business that suffers a breach should plan to formally document what happened and any next actions, including whether it was reported or if it failed to meet the criteria.

What needs to be officially reported?

Compliance isn’t easy. When businesses fail to properly respond to the ICO’s request for information, typically by misreporting with inaccurate data, the risk of penalties or non-compliance is only heightened. Incident management can – and should – be anticipated as part of a strategy for handling future breaches. Every business, in conjunction with its HR department, should work to identify the common risks and understand the best action to rectify (or manage) the incident.

Refer to the ICO’s data breach reporting assessment for the kinds of information required following a breach. Your investigation should match their expectations for the depth of information supplied. The ICO expects you to document everything from the discovery of the breach to the management of its effects and any subsequent actions.

Failure to respond properly to data breaches, under the GDPR, has a single outcome: penalties. The role of data protection cannot be underestimated. Compliance with GDPR can define how your operation does business in the faraway markets under data protection governance.

How soon should a breach be reported?

All businesses are responsible for identifying, and responding to, breaches under data protection. Not only should businesses aim to have the proper and proportionate controls in place to promptly detect, and rectify, a breach, but they should report any compromises within 72 hours to the supervisory authority (which is summarised in Article 33). One of the most common misconceptions about compliance with GDPR is that this mandatory reporting period means 72 working hours; on the contrary, a breach should be controlled within 72 hours from the moment of discovery.

If employees or members of the public are affected by an unauthorised data breach, those affected should be appropriately notified immediately and sensitively. This will allow the affected parties an opportunity to take precautions and guard themselves from any fallout.

Dan May is the commercial director at ramsac, providing secure, resilient IT management, cybersecurity, 24-hour support and IT strategy to growing businesses in London and the South East.
