GDPR Notification Versus Remediation
One of the ‘rules’ under GDPR is somewhat of a stickler. Organizations are required to provide detailed information about a data breach within 72 hours. Currently in the US, California has the most stringent law, which states 15 days. We like to drag our feet. Think about how many breaches have occurred, yet only come to light months later, if at all.
My first question is, how is any organization going to provide the following information in 72 hours? Although, if organizations were proactively managing content and knew what the heck was going on in their enterprises, they probably could do this.
According to Article 33 of the GDPR, organizations need to:
- Describe the nature of the personal data breach, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned
- Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained
- Describe the likely consequences of the personal data breach
- Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
Now my second question is, how can the data breach be remediated in 72 hours? The penalties are pretty steep if you can’t provide this information.
Our software can take care of the first two bullet points, as it is proactive, operates in real time, and can identify and protect any privacy or sensitive information exposures. As for the remaining bullet points, you’re on your own.
What would you say to the auditors in 72 hours?
Join us for our Enough Talk – Solving GDPR Problems Through Metadata-Driven Compliance webinar, on Wednesday, March 14. This session explains not only the ramifications of General Data Protection Regulation (GDPR) but also how to address the compliance issues. It examines the tactical aspects of the solution, little-known stumbling blocks, and different tools that automate changes and provide an audit trail for compliance.