Munich Re’s
Data Breach Edition

Data breaches can be highly expensive.
Unless you act in line with the GDPR.

Data Breach Edition of Data Risk Intelligence Platform is a risk management software tool you can use to record and document current data breaches as well as to manage existing ones.

Data protection breakdowns in companies are caused partly by internal errors and partly by attacks from outside or vulnerabilities on the part of service providers. 

With Data Breach Edition, incidents of this type can be recorded, documented and reported to the supervisory authorities in compliance with the GDPR. The specifically developed questionnaire of Data Breach Edition covers the relevant official requirements and enables uniform documentation at a central location. You always have an overview of what data breaches have been recorded and whether these have already been reported to the supervisory authorities.

As an alternative to the stand-alone solution, the Data Breach module can be seamlessly integrated into Enterprise or Professional Edition of Data Risk Intelligence Platform.

Easy and intuitive to use

Data Breach Edition enables you to document data breaches and assess the obligation to report them. The entries can be supplemented over time and reference numbers can be stored in the system for further processing.

Data Breach Edition is easy and intuitive to use, converts data breaches into clear structures and enables uniform documentation. Optimise your risk and claims management by documenting individual technical and organisational measures as well as the fulfillment of verification and documentation obligations. The software solution automatically creates the legally required records in compliance with the GDPR, and transparently documents all correspondence with the supervisory authorities.

Benefit from the advantages of Data Breach Edition - the comprehensive solution from the world’s largest reinsurer

100 % complete recording
… of all data breaches by means of an intelligent questionnaire: nothing can be forgotten or overlooked!
A faster overview
… of all recorded data protection violations and whether these have already been reported to the supervisory authorities.
With 140 years of experience
… in risk assessment and risk management. Munich Re has the world’s largest and most comprehensive expert know-how for the development of high-quality software solutions in this field.
Maximum legal security
… ensured by compliance with the verification and documentation requirements of the GDPR.

Step by step – the Data Breach Edition workflow

Data Breach Edition guides you step by step through a questionnaire and creates all the required documents as well as a structured overview of all data breaches.

How should incidents be dealt with? First of all, it is important that the data breach should be remedied. As a rule the IT department acts immediately and implements technical measures to correct the situation. However, you should remember to document this and check whether the data breach needs to be reported to the supervisory authorities. Little time is available for this.

Step 1: Recording the basic data

Where and when did the incident occur, who is the relevant contact person, what kind of incident is it and what happened exactly? These and many more questions are asked automatically.

The description guides you through the questionnaire, so that no relevant points in this critical situation are overlooked. You also receive comprehensive documentation of the incidents.

Step 2: Adding details / keeping an overview

In which company did the incident occur? In your own company or at one of your service providers/suppliers? Keep an overview of all incidents and create the possibility of a uniform reporting system. You also have an up-to-date overview of your contacts on the part of the supervisory authorities.

In addition you can keep an eye on any service providers and suppliers where data breaches occur. If these occur regularly you can take corrective measures at an early stage.

Step 3: Consequences and risks

It isn’t only the incident itself and the resulting technical measures that are important. The type of data also matters. If sensitive personal data (Art. 9 GDPR) is involved, the risk for those affected is likely to be much greater than if only contact data falls into the hands of unauthorised persons.

Availability, confidentiality and integrity of data – what are the consequences of a data breach? If you are the victim of a ransomware attack, is the personal data no longer available? What does this mean? Are you no longer able to offer your services to the persons affected? If this is a newsletter mailing system, the consequences will probably be minor. However, if the persons concerned can no longer carry out banking transactions because their account is encrypted and they therefore no longer have access, this can have serious consequences. You describe these risks for those who are affected and define what effects the data breach has on them.

Step 4: Countermeasures

Your IT department has closed the security gap. The necessary procedure and measures should be known to the data protection officer, as it is his/her responsibility to document this. On the basis of such measures the data protection officer can determine whether a risk still exists or whether it has now been eliminated. Depending on the severity of the data breach, internal departments should be informed. Is management already involved? Information has to be shared not just internally but also, if necessary, with the persons who are affected. If this is the case, you have to inform them about measures that can reduce the risk for them. If access data has been compromised, the individuals concerned have to change it. This also reduces the risk of the data breach posing a significant risk to such persons. Even better would be a technical measure so that you can block the access data from your side.

Finally, you can determine whether or not the incident should be reported to the supervisory authorities.

Next step? How about trying our solution? Just request an appointment for your personal live demo.

Reporting incidents to the supervisory authorities

If there is a breach of personal data protection, you, as the responsible party, have to notify the supervisory authorities immediately and, if possible, within 72 hours of becoming aware of the breach (Art. 33 GDPR).

If you cannot meet this deadline, you have to justify this delay in your report. You only have to submit this report if the risk to the persons concerned is high. If there is no risk or only a slight risk, the supervisory authorities do not need to be involved. Nevertheless, you have to document the incident and also justify why you have assessed the risk in this way. In order to be able to check the information and view it in condensed form, you will be given an overview of the information that you can provide to the supervisory authority.

If you have submitted a report to the supervisory authorities, you will usually receive a reference number. This reference number can be documented as soon as it has been issued by the supervisory authorities.

You can also add an (optional) additional report to a documented incident. If, for example, the number of affected data records is less than the number specified in the initial documentation, this fact can be subsequently documented and (optionally) reported to the supervisory authorities.

Get it all. For more detailed information just download our fact sheet “Data Breach Edition” for free!

Easy-to-use analysis and workflow tool

Did you know that you can seamlessly combine Data Breach Module with Data Risk Intelligence? 

With this unbeatable combination you can significantly reduce the time and expense involved in implementing the GDPR even further and at the same time improve the quality of your operations. Learn more …

How about trying our solution right now? Or would you rather talk to someone in person?

We believe you can never have too many good partners. You are a Value Added Reseller, Managed Service Provider or System Integrator and would like to include our solutions in your portfolio? Then simply apply for our Risk Suite Partner Programme.
Nicole Schmitzberger
Global Executive Director Channel Sales