Steps your business should be taking NOW

GDPR requires organisations to maintain a plan to detect a data breach, regularly evaluate the effectiveness of security practices, and document evidence of compliance.

Your company is responsible for how you securely maintain the personal data that you collect from your customers.  You will need to make sure you are familiar with the GDPR guidance on what to do in the event of a ‘personal data breach’.  This is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.

Establish where personal data is being held.

The GDPR is expansive and covers all IT systems, networks, and devices, including mobile devices. It is essential that you take stock of all assets across your infrastructure and create an inventory so that more stringent controls can be applied.

Vulnerability scanning

New vulnerabilities in systems and applications arise almost daily. Your organisation must stay on top of these weaknesses with regular vulnerability scanning to identify where weaknesses exist that could be exploited.

Risk Assessment

Conduct risk assessments and apply threat models relevant to all departments of your business.

Regularly Test

Regularly test to gain assurance that security controls are working as designed.

Detection Controls

Put in place threat detection controls to reliably inform you in a timely manner when a breach has occurred.

Document Response Plan

Have a documented and practised incident response plan.

Have a communication plan in place to notify relevant parties

A communication plan should include:

  • The nature of the breach.
  • The name and contact details of the organization’s data protection officer.
  • The likely consequences of the breach.
  • The measures you are taking or proposing to address the breach and mitigate its effects.
