Are you at risk from your suppliers mishandling data breaches?
I’ve seen a few suppliers make classic errors dealing with breaches in their client’s data. Here are the top three errors suppliers make and 5 suggestions to avoid them!
Building Breach Management Policies and Procedures
Category: Breach Management / Accountability
Customer: Global Multinational Company
We implemented a breach management program with a multinational company. This involved creating policies and processes addressing reporting and investigation of incidents, supporting the creation of a training and awareness programme to ensure all employees would recognise and report incidents, supporting breach investigations in the early phase of rollout and creating an oversight process to ensure that senior management were kept informed, that root cause analysis was carried out and that “near misses” were acted on to address process gaps that could lead to future breaches. This was a complex change management project carried out closely with the client who has created a culture of incident reporting in the organisation that significantly reduces the risks associated with data breaches.
Join Our Newsletter
Sign-up to receive news and information from Fort Privacy
Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information
Ode to DPO’s managing GDPR risk
The General Data Protection Regulation is “risk” based legislation. This means that the protective measures an organisation implements should correspond to the level of risk associated with their data processing activities. It’s worth noting that the risk that should be considered here, is the risk to the data subject as opposed to risk to the business of non-compliance.
Get your head above the crowd and KPI your Data Protection Programme
Data Protection Programmes are all the rage these days. It’s great to see the compliance conversation moving in this direction. As a Data Protection Officer (DPO), I know the difference between working with a solid data protection programme and working with none and all.