GDPR: HANDLING PERSONAL DATA BREACHES

About the course

Under the GDPR, Data Controllers have a duty to record and, in some cases, report personal data breaches to the Information Commissioner as well as Data Subjects. In addition, there are other statutory and regulatory duties for recording, reporting and responding to information security incidents impacting on personal data.

This workshop will examine the law and best practice in this area, to identify how organisations can deal appropriately with data security incidents and data breaches, in order to minimise the impact on customers and service users and mitigate reputational damage.

This is an interactive workshop using exercises and group discussion to support real-world application.

THE LAW
Security provisions in GDPR
Data Protection Act 2018
NIS Directive
MANAGEMENT
Key roles
Importance of leadership
Preparing the incident team
Data processors' responsibilities
Other stakeholders
NCSC guidance
THE INCIDENT
Recognising a security breach incident
Initial reports and assessment
Investigation
Lesson-learning
REPORTING
To report or not?
ICO advice
Making the judgement call
Notifying the Data Subjects
PRACTICAL ASPECTS
Recovery, remediation and mitigation
Communication
Record-Keeping
Closing the incident
Training and testing your response
CASE STUDIES AND EXERCISES
