New in Privacy Nexus: The Incidents & Data Breaches Module
Organisations store practically all their data digitally. The question is no longer whether there will be a data breach, but when. You have a data breach when your files are hacked or if you give unintended access to these files. Under the General Data Protection Regulation (GDPR), every data breach within an organisation must be documented, so that the Data Protection Authority (DPA) can check whether the obligation to report has been met. Documenting data leaks is therefore extremely important. But how do you collect and qualify information about a data breach? How do you handle this efficiently? And how do you make sure that you close the incident neatly?
In Privacy Nexus, you can now use the new Incidents & Data Breaches module, specially designed for privacy and security professionals who deal with this in daily practice. With the module, you can easily and quickly meet the strict requirements that are set for the registration of data leaks in an organization. And with the help of the software, you can easily complete the necessary tasks, create an audit trail and have your data leaks checked by the DPA in order to show that you meet the data leaks notification requirements. With this module, Privacy Nexus helps to perform another essential task within the scope of your privacy management.
In three simple steps, Privacy Nexus guides you through the process of gathering information about the incident, qualifying it as a data breach or security incident, and handling the outcome. All this helps you to report the data breach within the 72-hour deadline.
1. Collecting and qualifying information
With the help of a short questionnaire, Privacy Nexus helps you to collect all the information necessary to properly assess whether the security incident is actually a data breach.
When you are indeed dealing with a data breach, Privacy Nexus asks some additional questions to assess the impact and scope of the data breach. These questions help you to collect the necessary data to determine whether and what you should report to the Data Protection Authority (DPA) and whether you should inform the persons involved.
2. Handling
Based on the information from the previous step, Privacy Nexus presents you with measures to deal with the incident, and it is possible to record your progress regarding these measures. These measures are:
- Informing the DPA (if applicable)
- Informing data subjects (if applicable)
- Application of technical measures in relation to the incident
- Application of organisational measures in relation to the incident
All these actions are displayed in a To-Do list and are tracked on a timeline that shows the progress during the handling of the data breach. This also gives you a clear audit trail if the DPA wants to know how you handled a particular incident.
3. Conclude
When each step is marked as completed, the incident can be closed. This indicates that you have done everything in your power to deal with the incident, and that you will not take any further action on this incident.
With this new module of Privacy Nexus, we offer you support in the process of reporting incidents and data leaks. By using the module correctly, you meet the requirements of articles 33 and 34 of the GDPR. And that means another step closer to GDPR compliance for your organization!