Managing a data breach

5 Steps to Managing a Data Breach

A data breach occurs when secure or private information is released without authorisation. A breach of confidentiality that presents a risk to an individual’s rights and freedoms has to be notified to the authorities within 72 hours of becoming aware of the breach.

In this day and age, such security breaches are a constant threat for organisations, and the effects can be catastrophic, with reports of around 60% of small firms going out of business within 6 months of a data breach.

Organisations must implement appropriate measures to avoid such breaches of data. However, if a breach occurs, there are steps you can follow to keep your business safe:

1. Stop the breach

Containing a breach as quickly as possible is critical. Containment does depend on the nature of the attack, but isolating the system that has been breached, in order to prevent further spread, is essential. Determine the cause of the issue and find out what personal information has been compromised.

2. Preserve evidence of the data breach

Understanding how a breach occurred and the damage it caused is the next key element in managing a data breach.

3. Isolate the breach

A security infrastructure built up of many layers makes isolation easier in the event of an attack. By segmenting business units at the network level, problems can be isolated as they are investigated.

4. Consider public communications and notifications

Once a breach has been found, the evidence preserved and the breach isolated, the next step is to notify authorities, third-party organisations and individuals who may have been affected by the breach. With time restrictions on how long an organisation has to inform the governing regulators, this should be done as soon as possible.

Organisations need to provide information on:

  • The date of the breach
  • What was compromised
  • Further prevention methods being put in place as a result

Explain why the breach took place and describe the solutions.

5. Investigate, fix and restore systems

Knowing how your system was breached in the first place is essential in preventing it from happening again. Once the source of a breach is secured, systems can be brought back online. Systems should be tested and re-tested thoroughly in order to identify process gaps and confirm that all sensitive data is secure.

Be secure against data attacks. Our GDPR Toolbox provides a practical set of tools to help manage your data protection challenges. Learn how to manage your personal data, find out what to do when a member of staff leaves an organisation, use our data breach log and forms, manage individual records for Subject Access Requests and use our register to record the controls behind software usage.

Be proactive with your security. Don’t wait until you have to deal with a breach. Have measures in place to stop one ever occurring.

Need help managing your data protection challenges?

If you have experienced a data breach and require immediate expert advice to assess the severity of the breach and determine whether or not you need to report it to the ICO, as well as help with recording the appropriate information and communicating with affected parties, we can help.


Contact Databasix

Tel 01235 838507

Databasix UK Ltd
is a registered company in England & Wales
Registration No. 08771007

Harwell Innovation Centre
Building 173
Curie Avenue
Harwell Oxford
OX11 0QG