Security Incident Management
More than 50% of data breaches reported to authorities as notifiable occur when an email containing Personal Data is sent to the wrong person. Most Data Protection laws state that a data breach is only notifiable if it presents "Serious Harm" to a Data Subject. We have processes and tools ready to react to these data breaches and, where possible, turn them into harmless events. Avoid fines by managing the data breach so that it does not harm people, leaving you in a good position.
Security Incident Management is an essential feature of the GDPMS.
In the event of a Security Incident, it is vital that your business knows what to do and what not to do. Your business is judged by its Customers, Suppliers, Employees, the Public, and the Regulators on how it manages a Security Incident. Any administrative fine or punitive damages can also be attributed directly to how you handle an incident.
Sadly, it's no longer a case of "IF" it will happen... It's now just a matter of "WHEN."
Employees cause 75% of all Data Breaches:
43% - Phishing and Ransomware
32% - Employee Mistakes
18% - Lost or stolen devices (or records)
3% - Employee (or Internal) theft
4% - Other criminal acts
The GDPMS seeks to address all these areas with a variety of measures to mitigate and control these risks. It regulates and schedules Staff Training, Employee Behavior Monitoring, and Reporting on how employees and managers act on the Data Protection tasks allocated to them.
In the event of a Security Incident, the GDPMS will evaluate the incident and advise which Regulators need to be notified, together with an action plan for the notifications. You will also be advised whether the Data Subjects must be informed.
Moreover, the system will consider the Incident and the applicable laws, and set out the complete set of actions that need to be taken to report the breach and meet the relevant regulations. Consider that a broad-reaching data breach in the United States may require notification to all 50 State Attorneys General, Law Enforcement, Credit Reporting Agencies, and the Data Subjects themselves. Do you know who all these people are? There may be many other regulators if you are dealing with large numbers of Data Subjects spread all over the world.
Putting appropriate controls in place is an essential part of any compliance program. The GDPMS assists with the roll-out, providing a selection of tools to become compliant. It then monitors and maintains compliance in the proper Governance, Risk, and Compliance (GRC) style.