5 Steps to Managing a Data Breach | Databasix

A data breach occurs when secure or private information is released without authorisation. A breach of confidentiality that presents a risk to an individual’s rights and freedoms has to be notified to the authorities within 72 hours of becoming aware of the breach.

In this day and age, such security breaches are a constant threat for organisations, and the effects can be catastrophic, with reports of around 60% of small firms going out of business within 6 months of a data breach.

Organisations must implement appropriate measures to avoid such breaches of data. However, if a breach occurs, there are steps you can follow to keep your business safe:

1. Stop the breach

Containing a breach as quickly as possible is critical. Containment does depend on the nature of the attack, but isolating the system that has been breached, in order to prevent further spread, is essential. Determine the cause of the issue and find out what personal information has been compromised.

2. Preserve evidence of the data breach

Understanding how a breach occurred and the damage it caused is the next key element in managing a data breach.

3. Isolate the breach

A security infrastructure built up of many layers makes isolation easier in the event of an attack. By segmenting business units at the network level, problems can be isolated as they are investigated.

4. Consider public communications and notifications

Once a breach has been found, the evidence preserved and the breach isolated, the next step is to notify authorities, third-party organisations and individuals who may have been affected by the breach. With time restrictions on how long an organisation has to inform the governing regulators, this should be done as soon as possible.

Organisations need to provide information on:

  • The date of the breach
  • What was compromised
  • Further prevention methods being put in place as a result

Explain why the breach took place and describe the solutions.

5. Investigate, fix and restore systems

Knowing how your system was breached in the first place is essential in preventing it from happening again. Once the source of a breach is secured, systems can be brought back online. Systems should be tested and re-tested thoroughly in order to identify process gaps and confirm that all sensitive data is secure.

Be secure against data attacks. Our GDPR Toolbox provides a practical set of tools to help manage your data protection challenges. Learn how to manage your personal data, find out what to do when a member of staff leaves an organisation, use our data breach log and forms, manage individual records for Subject Access Requests and use our register to record the controls behind software usage.

Be proactive with your security. Don’t wait until you have to deal with a breach. Have measures in place to stop one ever occurring.

The information and remarks provided in this article represent insight and guidance for best practice which is correct or valid or appropriate at time of publication.
