Data breaches and regulatory complaints

With any data breach, the primary objective is to contain and recover the personal data which has been compromised.

Working alongside your legal, PR and infosec teams, we will help you expedite an initial assessment of the data breach through an extensive investigation into what has happened, ensuring that critical facts are uncovered as quickly as possible.

We will also guide you through the implementation of your incident management plan or assist you with the steps you need to take to mitigate any risks associated with the breach.

We will help you manage your entire breach response and act as a point of contact for the collation of information. During the breach investigation, we will ensure relevant data breach forms and assessments are completed, and data breach registers are up to date. Our team will thoroughly collate information, so if you need to notify any supervisory authorities or individuals, the communications can be expedited without duplicating the investigative research effort.

Alongside all our other activities, we will also consider whether you need to notify any supervisory authorities (locally and overseas) and affected individuals. We will work with you to ensure any necessary notifications are drafted, submitted, and issued on time and in accordance with the strict deadlines imposed by data protection legislation. If notifications are not required, a complete audit trail of decisions relating to the data breach will be maintained and ringfenced to evidence your compliance with data protection legislation.

Suppose you are required to notify any other third parties of the data breach, for example, where you are acting as a processor or are a joint controller. In that case, we will review the data sharing contracts with the relevant third parties to ensure that you meet your contractual requirements concerning notification and assist with drafting and delivering such notices.

We have extensive experience working collaboratively on data breaches, often working with multiple parties across jurisdictions. As part of the assessment, containment, and recovery process, we will also work with your external advisers and PR team to ensure that any communications regarding the data breach are well managed and joined up. We will also support you by liaising with your insurance providers to ensure they have the most up-to-date factual information to help them assess and deal with the incident.

Following the assessment and containment of the data breach, we will work with you and your team to undertake a lessons-learnt workshop. The workshop will assess what went well and identify the aspects of the breach management process that you could improve. We will assist you in re-drafting processes to ensure that, in the event of a further data breach, you will be ready to deal with it swiftly and effectively.