The GDPR mandates that organisations notify the relevant supervisory authority – in the UK, the ICO – of all data breaches “without undue delay” or within 72 hours, unless the breach is unlikely to present a risk to individuals. In scenarios where the organisations identify a high risk to individuals, there is also a requirement to inform everyone whose data was breached.
As part of your GDPR programme, you should have created a mechanism and organisational structures for identifying and responding to breaches. As with Subject Access Requests (SARs), one of the key ongoing challenges is to be sure that your internal capability can work at scale and without incurring significant administrative overheads. If your organisation is dependent on nominated personnel to execute manual processes around breach reporting, there is a strong risk that you will be unable to meet your statutory obligations in the event of a major incident.
To help organisations cut the time required to identify and respond to breaches, Northdoor offers a comprehensive Breach Reporting Solution that ingests information from multiple systems (including SIEM and helpdesk systems) to provide a clear view at critical times. With embedded workflows and best practices, the solution guides employees through the reporting process and provides integrated security tools to help investigate incidents and prevent recurrence. The solution also maintains evidence of adherence to internal rules and best practices, and enables the simulation of incidents to test response plans and timelines. As external regulations evolve, the Northdoor solution keeps pace with changing standards in breach reporting, helping you remain compliant and avoid penalties.