Basic GDPR Data Breach Response Guidelines



No business owner likes to think about the possibility of their data security system being compromised. Unfortunately, as companies from CVS to McDonald’s have discovered, it can and does happen. If you find yourself in the aftermath of a data breach of any kind, no matter how big or small, the GDPR has a list of rules for you to follow during cleanup. Even companies not subject to the GDPR can benefit from its guidelines.

Your GDPR Data Breach To-Do List

According to the EU GDPR Academy, the five primary steps required for handling a data breach are:

  1. Tell your data protection officer (DPO) immediately
  2. Determine the extent of the problem
  3. Inform the relevant authorities and all impacted subjects of the problem
  4. Double-check what happened, who was affected, etc., and contain the breach as much as you can
  5. Review your existing security setup, determine how it could improve, and take the time to strengthen your system

Additional Data Breach Resources

For more information on how the GDPR requires you to respond to a data breach, check out these resources:

  • GDPR Article 33: how to report a data breach to the proper authorities
  • GDPR Article 34: how to report a data breach to the data subject
  • Perkins Coie: a law firm’s perspective on GDPR data breach requirements
  • HIPAA Journal: how GDPR data breach law applies in a medical context

Respect Your Clients’ Right to Privacy

The GDPR isn’t the only law with specific data privacy requirements. But with so many around the world, each with its own take on handling data breaches and similar cases, how can you keep track of them all? Try using 4Comply, an easy-to-use software that tracks privacy laws relevant to you and keeps you updated on any changes that may affect your marketing strategies. Stay prepared for the next privacy challenge! Contact us to get started today.