Even though your business or its head office may be located here in South Africa, GDPR still has an impact on your operations, and that impact will only intensify in the future as POPI adopts an increasing range of GDPR standards.
The most prudent approach for any business at this stage is to be prepared. While that preparation may seem like an onerous task, it really isn’t; it just requires a little forethought and planning.
It is a smart move to start rolling out good governance practices in your organisation that safeguard your interests.
One of these practices is the reporting of a data breach within 72 hours of your being made aware of such a breach. But what does this actually mean?
In short – under GDPR requirements, you have 72 hours to gather all information related to a breach and report this data to the relevant regulator. While that may sound simple, it is in fact a major undertaking.
Data breach reporting requires measured steps. Here’s what they are…
At an absolute minimum, the data protection authority will expect the following process and information to be supplied:
- Carry out a thorough investigation
- Immediately inform any individuals impacted by the breach
- Identify the nature of the breach:
  - Who accessed what and when
  - Who the users are
  - How that data is being used
  - Which individuals have been impacted
- Record of the historical steps that have been implemented to prevent a breach
- Estimated impact of the breach
- Forensics details
- Mitigation or remediation plan
- Draft of a comprehensive containment plan
Collating the information required by authorities and carrying out the steps needed to improve data protection within the network is a significant undertaking on its own, and one which most organisations do not have the additional resources to fulfil. In addition, the timeframe provided to submit such extensive data and proof of remediation is very short.
Given that breaches are typically not discovered for weeks, months or, at worst, even years after they have occurred, collating the data required by authorities can be a difficult and tedious task, particularly for teams that are not necessarily fully au fait with the reporting required.
This is where MMC can help you.
Not only are we able to ensure you have the correct protection in place, with a multi-layer security strategy that monitors and safeguards your data and network 24/7; our team also has the experience to prepare reporting, plans and remediation on your behalf, well within the required 72-hour timeframe.
Learn more when you book a Security Workshop with us
Our security workshop is designed to reveal to you where your risks lie, as well as pinpoint ways that you can most effectively manage your risk.
When it comes to intrusion detection and prevention, we will show you a best practice approach that will fit into your budget and operational needs, as well as support services that provide you with specialist resources only when you need them.
We’d like to invite you to take advantage of this workshop as soon as possible. Complete the form below to send us a booking request for a time that is most convenient for you.