GDPR's Impact on Incident Response

Beyond user privacy, we’ve seen GDPR impact companies in other ways.

May 25, 2019 will mark the one-year anniversary of the date the General Data Protection Regulation (GDPR) went into effect. As the most far-reaching data privacy regulation ever, GDPR has certainly made an impact on companies around the world – forcing them to up their game when it comes to protecting the personal data of European Union (EU) citizens. 

But, beyond user privacy, we’ve seen GDPR impact companies in other ways too. One of the most important, from my perspective, is the effect it’s had on incident response. 

The 72-Hour Window

Article 33 of GDPR specifies that organizations must report a breach to the supervisory authority within 72 hours of detection. In the world of cybersecurity, 72 hours is no time at all. And if this alone isn’t stressful enough, there’s more: It’s not sufficient to simply report the breach; companies must include information detailing the nature of the breach, the approximate number of data subjects and personal data records impacted, the likely consequences of the breach, and measures taken or proposed to address the breach and its negative effects.

Without a pre-defined incident response plan and the right technology, people and processes in place, meeting this 72-hour window is impossible. Weeks, months, or even years is a more accurate timeframe. But as unrealistic as 72 hours might seem, failing to meet this deadline can result in heavy fines, loss of consumer trust and a damaged reputation. Rather than risk severe penalties such as these, organizations are reassessing their operational readiness to detect and respond to a breach, so they can make the 72-hour window an achievable goal.

Here’s a look at some of the most effective ways companies have revamped their incident response programs over the past year to meet GDPR’s stringent breach notification regulation: 

Technology: Implementing network visibility, policy orchestration, and data collection and analysis technology 

The only way organizations can provide the level of detail into a breach specified by GDPR is by having the right technology in place. And it all starts with visibility – because you can’t protect (or get information about) an asset if you don’t’ know it’s there.  

This is why many organizations are implementing network infrastructure monitoring technology that provides complete network visibility into data at rest, data in transit, and data in process.  But it doesn’t stop there, visibility must be sustained for all assets residing across each computing environment (on-premise, virtual, hybrid-cloud, multi-cloud, etc.). 

Once companies have an accurate understanding of the endpoints, data, and other resources living on their networks, they can create the proper zones of control, bringing each under the right network policies and access rules with automated policy orchestration. Policy orchestration helps security teams achieve continuous security and compliance with regulations like GDPR, because it enforces appropriate access rights for all corporate assets. In the event of non-compliance, policy orchestration technology makes it easier for security teams to identify where the violation occurred. Remember, as it relates to GDPR, identification, classification and protection of personally identifiable information is paramount to compliance. 

Last, but certainly not least, to meet the 72-hour breach notification deadline, companies must have technology that automates data collection and analysis. This capability is important, because, in the event of a breach, security teams must be able to quickly obtain the answers the supervisory authority requires, including how the breach happened, its duration, who it affected, the damage it caused, etc.

In today’s dynamic IT infrastructures, trying to derive these answers manually is impossible, period … never mind doing so within 72-hours. With the right technology automating these processes, though, security teams can get the information they need almost instantly.  

People: Assembling an incident response team

When it comes to incident response, there are a lot of moving parts – from performing data collection, investigation and analytics processes, to mitigating damage, to communicating to the data protection officer (DPO) and other relevant parties. That’s why it’s a good idea to assemble a breach response team beforean incident occurs. Clearly define each member’s roles and responsibilities, so they can immediately jump into action in the event of a breach. Not only will this help with GDPR breach notification requirements, but it will also help limit the negative effects of a breach.

Processes: Implementing data protection impact assessments

Data protection impact assessments are an important part of GDPR; data controllers are required to perform assessments to identify risks to user data before beginning data processing activities. But conducting post-breach impact assessments is also important, because they allow the incident response team to determine if other information is at risk, from either a security or compliance perspective. Developing these post-breach impact assessments early on and having them at the ready can help response teams execute them quickly following a breach to prevent other system attacks and network compromises. 

GDPR Strengthens Incident Response

In today’s cybersecurity landscape, it’s no longer a matter of “if” a company gets breached, but “when.” Limiting the damage of a breach is the next best alternative to preventing a breach in the first place, and an effective incident response strategy allows companies to do just this. 

While strong incident response is certainly not the primary purpose of GDPR, it sure is a nice bi-product of the legislation – one that allows organizations to not only meet the 72-hour breach notification deadline, but to contain damage and mitigate additional risk in the process.


  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
  • It Happened Again

    Just yesterday (as of this writing), it happened again. A 28-year-old woman shot her way into a Christian elementary school in Nashville, Tenn., on Monday and killed three children and three adults, according to national news. AP News reports that the victims were three 9-year-old children, a top school administrator, a substitute teacher, and a school custodian Read Now

  • Let's Get to Work

    You are standing at the conference center doors just waiting to get into the exhibit hall. I know you are because I’m standing next to you. This week at ISC West has been three years in the making. Last year was encouraging, and here we are waiting for the Big Show. Read Now

    • Industry Events
    • ISC West
  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

Featured Cybersecurity

New Products

  • PACE® Long Range Ethernet Solutions

    PACE® Long Range Ethernet Solutions

    Altronix introduces the newest addition to its portfolio of PACE® Long Range Ethernet Solutions. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • Paxton10 CORE Cameras

    Paxton10 CORE Cameras

    The new CORE Series cameras feature edge processing for ultimate scalability, built-in edge storage, and plug-and-play installation. The addition of the CORE Series gives installers new hardware, better choice, and more value than ever before. 3