GDPR Article 33: 72 Hours Is Not a Lot of Time
According to the EU General Data Protection Regulation (GDPR), which goes into full effect in May 2018, “…as soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours…”. Failure to do so may result in severe financial penalty — not to mention potential damage to reputation. GDPR mandates that notification must be given when a breach is likely to “result in a risk for the rights and freedoms of individuals”. This means reporting any possible personal data breach to the proper authorities immediately, within the allotted 72-hour time frame.
Prepared for Immediate Data Breach Reporting?
These new regulations apply to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach. Time is of the essence when it comes to reporting any misuse or breach of personal data security.
With the ever-increasing speed of technology, it’s more important than ever to properly and swiftly identify and mitigate the risk of any data breach. Organisations must become adept at identifying the potential risk of a breach, detecting actual breaches, and defining the nature of the breach, as well as providing activity detail should a breach occur. Discover how the right technology can help with breach detection and potential breach activity, and provide the activity detail your organisation needs to stay GDPR compliant.