Do you know how to determine whether an incident is a personal data breach, and the circumstances under which you are required to report it? Are you aware of the time frame for reporting a data breach to the authorities? Have you ever encountered several data breaches simultaneously? Do you know how to assess their risk?
Companies do not have the appropriate skills, technology or procedures in place to detect breaches when they happen, nor to report them in sufficient detail to the regulators. We aim to facilitate and ease the process of reporting personal data incidents, from the moment an incident notification is received, through its risk assessment, to the eventual reporting to the authorities and to any audit requirements. The whole process becomes less time-consuming, and the risk that the breach is reported with a considerable delay diminishes. A large group of specialists will also no longer need to be involved in the assessment process.
The scope of GDPR is broad, covering not only the handling, processing, storing, and communication of personal data but also trace data that—when combined with other observable information—might expose the personal information of an EU resident. This creates a complex set of challenges for data privacy teams who, despite their best efforts, will never be able to protect their businesses from every threat on the digital horizon.
No security system can ever be airtight. In addition to hackers and other attacks that constitute an intentional threat to the businesses they target, human error and accidental information security breaches are also common.
Even the loss of equipment on which personal data was stored, or an email sent where recipient lists can be viewed, constitutes a data breach.
The question is not whether such incidents will occur, but when they will occur and how they can be managed effectively once they do. The risks of improperly managing a privacy breach are high, and they are only getting higher.
GDPR is only in its third year and fines have reached about EUR 270 million in the EU. In 2019 and 2020, the fines levied against EU businesses increased dramatically per violation, with companies like Cathay Pacific, Equifax, British Airways, Marriott, and Facebook incurring hundreds of thousands to hundreds of millions of euros in penalties.
In addition to the financial penalties, each violation has a negative impact on the reputations of the companies involved. This often leads to a serious lack of trust among consumers and additional profit loss.