How to Survive a GDPR Data Breach in the USA


How to Survive a GDPR Data Breach in the USA Eventually, every company will deal with cybersecurity issues that include hacking that exploits security controls and technical, physical, or human-based elements. Such an emergency requires a robust internal incident response plan as soon as possible. Compliance leader, attorney, and international public speaker Kortney Nordrum reminds you of these crucial situations; “You want to have a plan before you have to use a plan.” Key points discussed in the episode:
✔️ Make sure there’s an incident or a crisis plan and that you have a set you’re going to call, who’s going to get on the phone, and who will make decisions. These should be documented so that there’s no time for guesswork when things are urgent.
✔️ Ensuring a solid system for awareness should start at the level of the customer service representative and the email help desk teams to preempt data breach issues. Have the right people be able to ring the right alarm bells early in your organization.
✔️ Evaluate the extent of the information security hack or breach on top of all other risk and regulatory assessments.
✔️ Determine which are the impacted customers and employees and analyze the individual countries of residence. Figure out where reporting should happen as prescribed in the General Data Protection Regulation (GDPR) of the European Union.
✔️ Set up a toll-free number for questions and work with the core team on public notices or any public response. When we see organizations getting hacked, you’ll see it on a blog before that organization says anything publicly. Make sure to direct the message rather than have gossip around what happened.
✔️ Engage a forensic firm if needed if in-house knowledge is not enough to assess what happened, how the breach occurred, and set the steps necessary to prevent it from happening again.
✔️ It is best for compliance professionals to remember what the adage says: “an ounce of prevention is worth a pound of cure.” Getting ready for a hacking incident requires early planning on initiating incident response measures tested at least yearly and reducing or preventing adverse impacts should they happen. —–
———————————————————————–
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Cou
 

Leave a Reply

Your email address will not be published. Required fields are marked *