Security Incident Management

More than 50% of notifiable Data Breaches reported to authorities occur when an email containing Personal Data is sent to the wrong person. Most Data Protection laws state that a data breach is only notifiable if it presents "Serious Harm" to a Data Subject. We have processes and tools ready to react to these data breaches and, where possible, turn them into harmless events. Avoid fines: by managing the data breach so that it doesn't harm people, you put yourself in a good position.

Security Incident Management is an essential feature of the GDPMS.

In the event of a Security Incident, it is vital that your business knows what to do and what not to do. Your business is judged by your Customers, Suppliers, Employees, the Public, and the Regulators as to how you manage a Security Incident. You can also attribute any administrative fine or punitive damages directly to how you handle an incident.

Sadly, it's no longer a case of "IF" it will happen... It's now just a matter of "WHEN."

Employees cause 75% of all Data Breaches

43% - Phishing and Ransomware

32% - Employee Mistakes

18% - Lost or stolen devices (or records)

3% - Employee (or Internal) theft

4% - Other criminal acts

The GDPMS seeks to address all these areas with a variety of measures to mitigate and control these risks. It regulates and implements schedules for Staff Training, Employee Behavior Monitoring, and Reporting regarding actions and reactions to allocated tasks in the performance of Data Protection activities by employees and managers.

In the event of a Security Incident, the GDPMS will evaluate the incident and advise which Regulators need to be notified, together with the action plan for notifications. You will receive advice if the Data Subjects are to be informed.

Moreover, the system will consider the Incident and the applicable laws, and the complete set of actions that need to be taken to report the breach and meet the relevant regulations. Consider that a broad-reaching data breach in the United States may require notification to all 50 State Attorneys General, Law Enforcement, Credit Reporting Agencies, and the Data Subjects themselves. Do you know who all these people are? There may be many other regulators if you are dealing with large numbers of Data Subjects that are spread all over the world.

Putting appropriate controls in place is an essential part of any compliance program. The GDPMS, in pure form, assists with the roll-out, with a selection of tools to become compliant. It then monitors and maintains compliance in the right Governance, Risk, and Compliance (GRC) style.

© 2010 - 2019 SPTG LLC, GDPR Forensic Limited. All rights reserved.
