GDPR focus: What constitutes a data breach?

At the moment it seems all we hear about is GDPR: how much of a big deal it is, how important it is to be compliant, how big the fines are if you don't comply. And it's only going to get more feverish as we get closer to May 2018, when it comes into effect.

But amongst all this noise there is a large gap in practical information and advice on what it actually means and how to deal with it in the real world.

In this piece, we're going to focus on one of the main buzzwords around GDPR: the data breach.

What is a Data Breach?

The dictionary definition of a data breach is:

‘…a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so’

A very broad, catch-all definition that can cover any eventuality. When people think of a data breach, especially in the context of the above definition, one thing comes to mind: hackers, sitting in a dark room, faces covered, trying to crack your passwords and systems to get at your sensitive company information. And that may well be true.

Whilst possible, the reality is less about hackers and more about your own people. Your employees. But how?!

One of the main causes of data breaches is a lack of training, and plain human error. One of the most common mistakes, which once GDPR applies in May is a personal data breach, is CC'ing people into an email when they should have been BCC'd. By using CC instead of BCC, you have just shared everybody's email address with every individual you sent it to. Some companies use this method to send mass communications, and the lists can run into hundreds of addresses. Once a personal data breach has occurred, you must notify the ICO within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned; and where it is likely to result in a high risk to them, you must also tell the affected individuals themselves without undue delay.
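The CC-versus-BCC mistake above is easy to catch mechanically before a message leaves the organisation. The following Python script is an added example, not code from the original article: it parses an RFC 5322 message with the standard library `email` package, counts the recipient addresses every recipient would see in the To: and Cc: headers, flags the message when that count passes a threshold, and rewrites it so those addresses sit in Bcc: with the sender's own address in To:. The threshold of five and the sample newsletter are constructed values for illustration.

```python
"""Outbound check for the CC-versus-BCC exposure described above.

Added example, not code from the original article. Uses only the Python
standard library. The recipient threshold and the sample message below
are constructed for illustration.
"""
from email import message_from_string, policy
from email.message import EmailMessage

# A constructed bulk mailing in which every recipient can see every other
# recipient's address. Each of the six addresses is personal data.
SAMPLE_BULK_MAIL = """\
From: Newsletter <newsletter@example.com>
To: alice@example.org, bob@example.org, carol@example.org
Cc: dave@example.org, erin@example.org, frank@example.org
Subject: March newsletter
Content-Type: text/plain; charset="utf-8"

Hello all, the March newsletter is attached.
"""

# Above this many visible recipients a message is treated as a bulk
# mailing that must use Bcc. Assumed value for this example.
MAX_VISIBLE_RECIPIENTS = 5


def parse_message(raw: str) -> EmailMessage:
    """Parse raw RFC 5322 text with the modern email policy."""
    return message_from_string(raw, policy=policy.default)


def _addresses(msg: EmailMessage, header_name: str) -> list[str]:
    """Return the bare addresses found in every instance of a header."""
    addrs = []
    for header in msg.get_all(header_name, []):
        addrs.extend(a.addr_spec for a in header.addresses)
    return addrs


def visible_recipients(msg: EmailMessage) -> list[str]:
    """Addresses disclosed to every recipient: everything in To: and Cc:."""
    return _addresses(msg, "To") + _addresses(msg, "Cc")


def bcc_recipients(msg: EmailMessage) -> list[str]:
    """Addresses in Bcc:, which the sending server strips before delivery."""
    return _addresses(msg, "Bcc")


def exposes_addresses(msg: EmailMessage, limit: int = MAX_VISIBLE_RECIPIENTS) -> bool:
    """True when sending msg as-is would disclose more than `limit`
    recipient addresses to each other."""
    return len(visible_recipients(msg)) > limit


def move_to_bcc(msg: EmailMessage) -> EmailMessage:
    """Rewrite msg in place so recipients no longer see each other.

    All To: and Cc: addresses move to Bcc:, and To: is set to the sender's
    own address, a common convention for undisclosed-recipient mailings.
    """
    recipients = visible_recipients(msg)
    sender = str(msg["From"])
    del msg["To"]
    del msg["Cc"]
    del msg["Bcc"]
    msg["To"] = sender
    msg["Bcc"] = ", ".join(recipients)
    return msg


if __name__ == "__main__":
    mail = parse_message(SAMPLE_BULK_MAIL)
    print("visible recipients before:", visible_recipients(mail))
    if exposes_addresses(mail):
        move_to_bcc(mail)
    print("visible recipients after: ", visible_recipients(mail))
    print("bcc recipients after:     ", bcc_recipients(mail))
```

The threshold is a policy choice, not a legal one: two addresses in CC already disclose one person's address to another, so the check above only catches the bulk-mailing case the article describes. The same logic belongs at the outbound mail gateway, where it can hold the message rather than rely on the sender noticing.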

Not only do you need to consider the time and resources required to rectify the problem, you also need to consider the reputational damage that may follow as a consequence.

GDPR is definitely a hot topic, which is why we are running two free 'Demystifying GDPR' webinars on the 8th and 22nd March 2018. To find out more and register, click the link below.


https://www.eventbrite.co.uk/e/demystify-gdpr-webinar-series-tickets-43548505753?utm_term=eventurl_text