• Breach Response Plans

Breach Response Plans

How an organisation handles a data breach can make the difference between survival and extinction. The GDPR enables Supervisory Authorities to levy significant and punitive fines, but it is more likely to be the reputational impact that will cause the most damage.

Defining a clear plan, identifying the roles, the actions and their priority is key to weathering the inevitable storm that follows a data breach. Considerations include:

  • Contacting the supervisory authority and providing them with relevant and sufficiently detailed information so they can act without delay
  • Contacting the impacted clients and informing them of actions you will be taking and advising them of actions they can take, e.g. changing passwords
  • Informing public and press
  • Understanding the sources of information which can be used to investigate the breach

BDO's GDPR & Data Protection team can:

  • work with your team to define a robust Breach Response Plan (BRP) that works for your business
  • review an existing BRP to ensure it is fit for purpose