GDPR

GDPR's Impact on Incident Response

Beyond user privacy, we’ve seen GDPR impact companies in other ways.

May 25, 2019 will mark the one-year anniversary of the date the General Data Protection Regulation (GDPR) went into effect. As the most far-reaching data privacy regulation ever, GDPR has certainly made an impact on companies around the world – forcing them to up their game when it comes to protecting the personal data of European Union (EU) citizens. 

But, beyond user privacy, we’ve seen GDPR impact companies in other ways too. One of the most important, from my perspective, is the effect it’s had on incident response. 

The 72-Hour Window

Article 33 of GDPR specifies that organizations must report a breach to the supervisory authority within 72 hours of detection. In the world of cybersecurity, 72 hours is no time at all. And if this alone isn’t stressful enough, there’s more: It’s not sufficient to simply report the breach; companies must include information detailing the nature of the breach, the approximate number of data subjects and personal data records impacted, the likely consequences of the breach, and measures taken or proposed to address the breach and its negative effects.

Without a pre-defined incident response plan and the right technology, people and processes in place, meeting this 72-hour window is impossible. Weeks, months, or even years is a more accurate timeframe. But as unrealistic as 72 hours might seem, failing to meet this deadline can result in heavy fines, loss of consumer trust and a damaged reputation. Rather than risk severe penalties such as these, organizations are reassessing their operational readiness to detect and respond to a breach, so they can make the 72-hour window an achievable goal.

Here’s a look at some of the most effective ways companies have revamped their incident response programs over the past year to meet GDPR’s stringent breach notification regulation: 

Technology: Implementing network visibility, policy orchestration, and data collection and analysis technology 

The only way organizations can provide the level of detail into a breach specified by GDPR is by having the right technology in place. And it all starts with visibility – because you can’t protect (or get information about) an asset if you don’t’ know it’s there.  

This is why many organizations are implementing network infrastructure monitoring technology that provides complete network visibility into data at rest, data in transit, and data in process.  But it doesn’t stop there, visibility must be sustained for all assets residing across each computing environment (on-premise, virtual, hybrid-cloud, multi-cloud, etc.). 

Once companies have an accurate understanding of the endpoints, data, and other resources living on their networks, they can create the proper zones of control, bringing each under the right network policies and access rules with automated policy orchestration. Policy orchestration helps security teams achieve continuous security and compliance with regulations like GDPR, because it enforces appropriate access rights for all corporate assets. In the event of non-compliance, policy orchestration technology makes it easier for security teams to identify where the violation occurred. Remember, as it relates to GDPR, identification, classification and protection of personally identifiable information is paramount to compliance. 

Last, but certainly not least, to meet the 72-hour breach notification deadline, companies must have technology that automates data collection and analysis. This capability is important, because, in the event of a breach, security teams must be able to quickly obtain the answers the supervisory authority requires, including how the breach happened, its duration, who it affected, the damage it caused, etc.

In today’s dynamic IT infrastructures, trying to derive these answers manually is impossible, period … never mind doing so within 72-hours. With the right technology automating these processes, though, security teams can get the information they need almost instantly.  

People: Assembling an incident response team

When it comes to incident response, there are a lot of moving parts – from performing data collection, investigation and analytics processes, to mitigating damage, to communicating to the data protection officer (DPO) and other relevant parties. That’s why it’s a good idea to assemble a breach response team beforean incident occurs. Clearly define each member’s roles and responsibilities, so they can immediately jump into action in the event of a breach. Not only will this help with GDPR breach notification requirements, but it will also help limit the negative effects of a breach.

Processes: Implementing data protection impact assessments

Data protection impact assessments are an important part of GDPR; data controllers are required to perform assessments to identify risks to user data before beginning data processing activities. But conducting post-breach impact assessments is also important, because they allow the incident response team to determine if other information is at risk, from either a security or compliance perspective. Developing these post-breach impact assessments early on and having them at the ready can help response teams execute them quickly following a breach to prevent other system attacks and network compromises. 

GDPR Strengthens Incident Response

In today’s cybersecurity landscape, it’s no longer a matter of “if” a company gets breached, but “when.” Limiting the damage of a breach is the next best alternative to preventing a breach in the first place, and an effective incident response strategy allows companies to do just this. 

While strong incident response is certainly not the primary purpose of GDPR, it sure is a nice bi-product of the legislation – one that allows organizations to not only meet the 72-hour breach notification deadline, but to contain damage and mitigate additional risk in the process.


Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.