Data breaches and regulatory complaints
The safeguarding and correct use of personal data is a critical part of data protection compliance. Sometimes, no matter what you do, things go wrong. Whether you are experiencing your first data breach or have received a complaint from individuals or regulators regarding your use of personal data, we will be at your side, providing support throughout the process.
With our vast experience and expertise in handling data breaches, we can help you to identify the risks stemming from such an incident and mitigate its effects on your organisation and those whose personal data has been compromised.
Assessment, containment and recovery
With any data breach, the primary objective is to contain and recover the personal data which has been compromised.
Working alongside your legal, PR and infosec teams, we will help you expedite an initial assessment of the data breach through an extensive investigation into what has happened, ensuring that critical facts are uncovered as quickly as possible.
We will also guide you through the implementation of your incident management plan or assist you with the steps you need to take to mitigate any risks associated with the breach.
Breach management and documentation
We will help you manage your entire breach response and act as a point of contact for the collation of information. During the breach investigation, we will ensure relevant data breach forms and assessments are completed, and data breach registers are up to date. Our team will thoroughly collate information, so if you need to notify any supervisory authorities or individuals, the communications can be expedited without duplicating the investigative research effort.
Notification to supervisory authorities and individuals
Alongside all our other activities, we will also consider whether you need to notify any supervisory authorities (locally and overseas) and affected individuals. We will work with you to ensure any necessary notifications are drafted, submitted, and issued on time and in accordance with the strict deadlines imposed by data protection legislation. If notifications are not required, a complete audit trail of decisions relating to the data breach will be maintained and ringfenced to evidence your compliance with data protection legislation.
Notification of other individuals
Suppose you are required to notify any other third parties of the data breach, for example, where you are acting as a processor or are a joint controller. In that case, we will review the data sharing contracts with the relevant third parties to ensure that you meet your contractual requirements concerning notification and assist with drafting and delivering such notices.
Engagement with PR, infosec and insurance providers
We have extensive experience working collaboratively on data breaches, often working with multiple parties across jurisdictions. As part of the assessment, containment, and recovery process, we will also work with your external advisers and PR team to ensure that any communications regarding the data breach are well managed and joined up. We will also support you by liaising with your insurance providers to ensure they have the most up-to-date factual information to help them assess and deal with the incident.
Lessons learnt and breach prevention
Following the assessment and containment of the data breach, we will work with you and your team to undertake a lessons-learnt workshop. The workshop will assess what went well and identify the aspects of the breach management process that you could improve. We will assist you in re-drafting processes to ensure that, in the event of a further data breach, you will be ready to deal with it swiftly and effectively.
You might also be interested in these services:
Training and mentoring
Improving your organisation’s understanding of the data protection environment.Read more
Privacy management programmes and frameworks
Finding your data protection bearings so you can move forward with confidence.Read more
Compliance audit and remediation
Exploring your data protection landscape and mapping any uncharted areas.Read more