Responding to data breaches

Breach is probably the most-used word in all of the GDPR. After all, the regulation is about protecting data and eliminating breaches. Many organisations are ill-prepared to respond to these incidents, often due to the culture around admitting and acknowledging them.

You can use CCH GDPR Compliance to log breaches and your organisation’s responses to them. Our breach management workflow helps you do all of the following:

• Understand the possible causes behind incidents.
• Understand what the typical response should be.  Assemble and manage the response team.
•  Perform an initial assessment.
•  Record the likely causes.
• Record the incident location.
• Record any preventative measures that were in place.
• Determine the risks to data subjects and steps they might take to mitigate impact.
• Include law enforcement in any decision making.
• Produce suggested content for engagement with your supervisory authority.
• Produce suggested content for engagement with data subjects.
• Evaluate the effectiveness of your response.

If you need to report a breach to your supervisory authority, then the workflow alerts you and gives you a downloadable report you can use as the basis of the report you submit. If you need to report a breach to impacted data subjects, then the workflow will alert you and give you a downloadable email, which you can use as the basis of the email you send to the impacted individuals.

The breach log gives you a historical record of all the incidents to ensure that the learnings from them have been implemented.