Workflow

Easy introduction to GDPR - Lesson 12

Data breaches

Did you know simple mistakes made by employees can cause severe data breaches? In this lesson, we will discuss the different ways data breaches can occur and what to do if they do.

Compliance school

What is GDPR? Video transcription

Data breaches are a part of the GDPR. A data breach is not just getting hacked by the Russians or the Chinese, as an example. It is also losing data. It's about destroying data when you shouldn't have; it's about disclosing it without authorization. What happens in the majority of cases when we're seeing data breaches is that it's due to an employee making a simple mistake.

A good example; a person in customer success is about to send an email to a person, a business partner, and that email would contain a spreadsheet. They, by default, attach the wrong spreadsheet, and the spreadsheet that they attached contains information about all employees at that company, their email, their name, their title, and now all that information is disclosed to the third party who wasn't supposed to receive it. That's a data breach.

A data breach needs to be reported to the authorities within 72 hours. So that means you need to react fast. If you are aware of a data breach. What you should also be doing is making sure that everybody in your organization knows what to do if you have a data breach. I strongly recommend that you set up training and have a policy that outlines what people need to do if they suspect a data breach to have occurred.

It's not enough that they need to know that a data breach occurred. Make sure that as soon as they are suspecting that a data breach could actually have happened, well, let your IT-Team know, just as an example. Therefore, data breaches, policies, training go hand in hand.