IT Governance has provided a useful checklist for SME businesses looking for information on how companies, in this GDPR environment, need to respond to and report data breaches. This is mandatory for businesses that interact with personally identifiable information as it underpins the GDPR legislation they must adhere to.
IT Governance argues there are 10 Points of Action:
1-Find out what types of data are affected
2-Find out how many records are affected
3-Work out how the breach happened. Who and/or what was responsible?
4-Stop the breach from escalating
5-Instigate business continuity plan
6-Determine whether the ICO needs to be notified
7-Determine whether affected individuals need to be notified
8-Establish ways for affected individuals to contact you
9-Contact the ICO (if necessary)
10-Contact affected individuals (if necessary)
The IT Governance website also includes downloadable content, including tests and quizzes, to help you identify faults and remedy IT governance issues. As British Airways and Cathay Airlines can agree, sound IT data security protection is paramount, but good IT governance is invaluable as the threats posed by cyber criminals grow daily.