Data Breach Edition of Data Risk Intelligence Platform is a risk management software tool you can use to record and document current data breaches as well as to manage existing ones.
Data protection breakdowns in companies are caused partly by internal errors and partly by attacks from outside or vulnerabilities on the part of service providers.
With Data Breach Edition, incidents of this type can be recorded, documented and reported to the supervisory authorities in compliance with the GDPR. The specifically developed questionnaire of Data Breach Edition covers the relevant official requirements and enables uniform documentation at a central location. You always have an overview of what data breaches have been recorded and whether these have already been reported to the supervisory authorities.
As an alternative to the stand-alone solution, the Data Breach module can be seamlessly integrated into Enterprise or Professional Edition of Data Risk Intelligence Platform.
Easy and intuitive to use
Data Breach Edition enables you to document data breaches and assess the obligation to report them. The entries can be supplemented over time and reference numbers can be stored in the system for further processing.
Data Breach Edition is easy and intuitive to use, converts data breaches into clear structures and enables uniform documentation. Optimise your risk and claims management by documenting individual technical and organisational measures as well as the fulfillment of verification and docu mentation obligations. The software solution automatically creates the legally required records in compliance with the GDPR, and transparently documents all correspondence with the supervisory authorities.
Benefit from the advantages of Data Breach Edition - the comprehensive solution from the world’s largest reinsurer
Step by step – the Data Breach Edition workflow
Data Breach Edition guides you step by step through a questionnaire and creates all the required documents as well as a structured overview of all data breaches.
How should incidents be dealt with? First of all, it is important that the data breach should be remedied. As a rule the IT department acts immediately and implements technical measures to correct the situation. However, you should remember to document this and check whether the data breach needs to be reported to the supervisory authorities. Little time is available for this.
Step 1: Recording the basic data
Where and when did the incident occur, who is the relevant contact person, what kind of incident is it and what happened exactly? These and many more questions are asked automatically.
The description guides you through the questionnaire, so that no relevant points in this critical situation are overlooked. You also receive compre hensive docu mentation of the incidents.
Step 2: Adding details / keeping an overview
In which company did the incident occur? In your own company or at one of your service providers/suppliers? Keep an overview of all incidents and create the possibility of a uniform reporting system. You also have an up-to-date overview of your contacts on the part of the supervisory authorities.
In addition you can keep an eye on any service providers and suppliers where data breaches occur. If these occur regularly you can take corrective measures at an early stage.
Step 3: Consequences and risks
It isn’t only the incident itself and the resulting technical measures that are important. The type of data also matters. If sensitive personal data (Art. 9 GDPR) is involved, the risk for those affected is likely to be much greater than if only contact data falls into the hands of unauthorised persons.
Availability, confidentiality and integrity of data – what are the consequences of a data breach? If you are the victim of a ransomware attack, is the personal data no longer available? What does this mean? Are you no longer able to offer your services to the persons affected? If this is a newsletter mailing system, the consequences will probably be minor. However, if the persons concerned can no longer carry out banking transactions because their account is encrypted and they therefore no longer have access, this can have serious consequences. You describe these risks for those who are affected and define what effects the data breach has on them.
Step 4: Countermeasures
Your IT department has closed the security gap. The necessary procedure and measures should be known to the data protection officer, as it is his/her responsibility to document this. On the basis of such measures the data protection officer can determine whether a risk still exists or whether it has now been eliminated. Depending on the severity of the data breach, internal departments should be informed. Is management already involved? Information has to be shared not just internally, but also if necessary, with the persons who are affected. If this is the case, you have to inform them about measures that can reduce the risk for them. If access data has been compromised, the individuals concerned have to change it. This also reduces the risk of the data breach posing a significant risk to such persons. Even better would be a technical measure so that you can block the access data from your side.
Finally, you can determine whether or not the incident should be reported to the supervisory authorities.
Next step? How about trying our solution? Just request an appointment for your personal live demo.
Reporting incidents to the supervisory authorities
If there is a breach of personal data protection you, as the responsible party, have to notify the supervisory authorities immediately and, if possible, within 72 hours of becoming aware of the breach (Art. 33 GDPR).
If you cannot meet this deadline, you have to justify this delay in your report. You only have to submit this report if the risk to the persons concerned is high. If there is no risk or only a slight risk, the supervisory authorities do not need to be involved. Nevertheless, you have to document the incident and also justify why you have assessed the risk in this way. In order to be able to check the information and view it in condensed form, you will be given an overview of the information that you can provide to the supervisory authority.
If you have submitted a report to the supervisory authorities, you will usually receive a reference number. This reference number can be documented as soon as it has been issued by the supervisory authorities.
You can also add an (optional) additional report to a documented incident. If, for example, the number of affected data records is less than the number specified in the initial documentation, this fact can be subsequently documented and (optionally) reported to the supervisory authorities.
Get it all. For more detailed information just download our fact sheet “Data Breach Edition” for free!
Did you know that you can seamlessly combine Data Breach Module with Data Risk Intelligence?
With this unbeatable combination you can significantly reduce the time and expense involved in implementing the GDPR even further and at the same time improve the quality of your operations. Learn more …
How about trying our solution right now? Or would you rather talk to someone in person?
We believe you can never have too many good partners. You are a Value Added Reseller, Managed Service Provider or System Integrator and would like to include our solutions in your portfolio? Then simply apply for our Risk Suite Partner Programme.