Data Breach Management

Data Breach Management

If you had a data breach, would you know what to do? Perhaps hope no one ever finds out, and quietly fix the reasons for the breach?

No, that might only make things worse. There are procedures to follow, people you may need to tell, and timescales within which to do it.

And unfortunately, data breaches are more common than any of us would like – certainly more than the ICO would like. And raised awareness among data subjects is contributing to a significant increase in breaches being reported.

The right knowledge and experience is essential to protect the individual/s whose data has been breached. It will also protect you, your business and your business’ reputation.

Plan ahead to manage your own penalty

There’s so much more to managing a data breach than apologising and moving on. How you respond to a breach, and the procedures you’ve already put in place should a breach happen, can make all the difference in the ICO’s eyes. It could mean the difference between:

  1. being fined up to £20,000,000 (yep, that’s twenty million pounds)
  2. being fined 4% of your global turnover
  3. just getting some advice from the ICO
  4. no action being taken by the ICO.

Which outcome would you prefer? If it’s either of the last two above, then to have the best chance of securing one of these outcomes you’ll need to have all of your procedures nailed down (including how you’d handle a breach) well before it happens.

What’s involved in reporting a data breach?

First of all, you need to undertake a preliminary investigation to decide whether you need to report the breach to the ICO. Not all breaches need to be reported, and it can be difficult to decide whether your incident meets the criteria for reporting. Remember you only have 72 hours between discovering the data breach to when you need to report it to the ICO – if it’s reportable.

Have expert support on stand-by

Having a go-to specialist permanently in the wings, to guide you through the management of the breach and your decision-making processes, is invaluable. And that’s where we can help.

Having supported others through breach management (and, where required, reporting it to the ICO), we have the knowledge and expertise to help and guide you through what can be a very challenging, disruptive and stressful time for you, your business and the data subject.

When a breach happens, we understand the urgency. We’ll will make it our number-one priority to ensure you’re fully supported, every step of the way.

“I frequently contact Data Protection Consultancy for specific advice as and when situations arise. They have always been able to answer my queries promptly and always provide me with formal written advice in addition to that given by telephone. The charges have been reasonable and fair, charging only for the work actually done.”
Housing association, London
“Data Protection Consultancy provided pragmatic guidance on strategies to move us from good to great. They’ve been with us every step of the way in navigating both UK data legislation changes and on the international data transfer scene.”
Software developer
“On multiple occasions, Data Protection Consultancy have gone out of their way to be of help to us with emerging situations.”
Financial services sector
“Our insurance broker now considers us to be one of their best-protected clients.”
e-learning client
“Internal engagement with data protection issues is at an all-time high and we’ve been able to satisfy our educational customers that we meet the stringent data security requirements of the DFE.”
Education client
“Their approach was thorough, tactful and persuasive about the changes needed. Suggestions for change were always practical and interaction with staff was professional at all times. Staff reflected back how informative it was, and we started seeing a sense of interest and engagement in data protection compliance as a result.”
Professional membership organisation
“DPC delivered their final report on deadline/budget and was written in a way that it was easy to understand. This was followed by a presentation to our leadership team, which was professional in manner, demonstrated their knowledge and expertise, and was persuasive about why change needed to happen.”
Trade union
“David has kept us up-to-date with emerging data governance issues. I have found him very helpful when we asked him to review our newly written data protection policy.”
Healthcare client
“Data Protection Consultancy has worked closely with me on delivering of series of workshops on the new EU data protection regulation. Their preparation was very thorough and professional, and their knowledge and expertise was clearly demonstrated.”
Professional association in London
“You explained the subject clearly, in a way that was easy to follow and your enthusiasm for the subject made a potentially dry subject an interesting one. You have an effective and friendly delivery style, which resulted in very positive feedback from the training participants.”
Client in London
“Our consultant’s preparation was thorough and professional at all times, and their data protection knowledge and expertise was clear. The recommendations were also clear, concise and professionally produced, and were accepted by the senior managers of our organisation.”
UK care charity
“They have continued to provide support and assistance following the audit, which has been
extremely beneficial. I would have no hesitation in contacting the Data Protection Consultancy for advice which I know will always be knowledgeable and professional.”
Client in London
“He quickly developed a good understanding of the business and our data protection issues. The resulting audit report was concise and informative, facilitating the preparation of an organisational data protection action plan.”
Charity client
“Our consultant has always provided us with a prompt response and good advice. He has always been friendly, courteous and professional. I would have no hesitation in recommending the Data Protection Consultancy.”
Charity client
“During our 14-day consultancy project, two things became immediately obvious. Firstly the knowledge and skill of the consultant, and secondly his ability to share this knowledge in a friendly but professional manner. No matter how small or trivial the question, he always presented a well-thought-out answer.”
Global facilities management
“David advised us on a number of contractual issues and produced many documents, policies and guidelines which were easy to implement. This, combined with effective training and his desire to bring a practical approach to the legislation within our business, has been excellent.”
Large construction client
“We approached Data Protection Consultancy for a review of our systems and procedures. We had a very narrow time-frame and were really impressed that they offered to visit our site on a weekend to fit in with us.”
Energy client
“At the end of the process we were provided with a clear and concise document which identified areas of existing good practice but also where and how improvements could be made. We also received a set of policy and procedure documents to help us maintain our compliance. I have been very pleased with the prompt and expert service.”
“We have always received an excellent service and would not hesitate in recommending them.”
Insurance company
“David Taylor came into our chambers to conduct a data protection health check. He was professional, knowledgeable about chambers procedure, and helpful on the day. Just as importantly, he has provided ongoing support and advice. I would have no hesitation in recommending him.”
Barristers Chambers
“We have over 50,000 tenants and take seriously our responsibilities to ensure that their sensitive personal data is processed properly. Our systems are complex and we have many partners with whom we are required to share data. David Taylor understood how the business works and was able to provide pragmatic and sensible advice to assist us in complying with our obligations.”
Housing association Northern England
“Our consultant had a friendly yet professional approach and worked well with my staff without taking up a disproportionate amount of their time.”
Housing association, London
“Your audit identified the issues which needed resolving, provided me with all the relevant documentation in order to meet our obligations, and did so with a light touch and at a very
competitive price. This relieved me of a significant administrative burden, for which I thank you, and I would happily recommend your services to other sets of chambers.”
Director of barristers’ chambers
“Their supporting reports and documentation, including risk assessments, are very beneficial – as is their ongoing support following the visit.”
Marketing Agency
“I have always found their approach to be highly professional, informed and yet pragmatic when necessary. Their authoritative position on data protection issues inspires confidence, and their response to requests for advice are both prompt and complete.”
Membership organisation
“The reports produced were thorough, concise and most helpful. Mr Taylor has given the school comfort to know that its existing data protection systems are adequate, compliant and secure. We have been most grateful to him for this peace of mind and for his most professional approach.
Independent school
“The final audit report (of all our systems, processes and documentation) was clear and to the point and demonstrated an excellent knowledge of the Data Protection Act. We were also provided with a comprehensive collection of bespoke policies, procedures and contracts. I was particularly impressed with David’s attention to detail and thoroughness, and his ability to explain what seems to be a complicated piece of legislation.”
Local authority
“I was reassured that they understood barristers’ chambers and I asked them to carry out an audit and to make recommendations. They did this in the timeframe and for the fee agreed. Their recommendations were practical and helpful. I have no hesitation in recommending their work to other barristers’ chambers.”
Barristers chambers