Contact Us

Contact Us

Please get in touch using the form below

I prefer to be contacted by:
View our privacy policy
Book a CREST penetration test today. Get a quote.

Overview

The need for proactive breach detection and response

Among the data protection requirements introduced by the GDPR is the need to take appropriate measures to detect and report data breaches leading to the ‘accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.’

If not addressed in an appropriate and timely manner, a breach has the potential to result in affected individuals suffering financial and reputational damage.

The GDPR recognises the need for organisations to be more transparent about data compromises and to this end makes it a requirement for all controllers and processors to implement appropriate procedures to detect breaches and to also report them to a relevant supervisory authority within 72 hours. In instances where there is a high risk to the rights and freedoms of individuals, those concerned must also be directly notified.

Breach detection challenges

The challenge of detecting attacks and avoiding financial and reputational damage

Without the correct mixture of skills and resources in place, detecting data breaches and quickly reporting them to an appropriate authority poses a serious challenge. To evade detection, today’s cybercriminals are extremely patient, taking steps to ensure that they leave as few traces as possible. Hackers can often reside undetected on networks for months.

Knowing how to successfully respond to attacks is another area where many businesses slip up, with slow or incorrect action leading to greater damage. Among the GDPR breach reporting requirements is the need to provide a detailed description of any breach incurred. This includes:

  • the type and quantity of data compromised
  • an outline of the likely consequences of the attack
  • plans for how to tackle its effects
Threats penetrating security defences

Managed Detection and Response

Reliably detect and respond to attacks with ThreatDetect™ MDR

ThreatDetect™, Redscan’s Managed Detection and Response service, can enable your organisation to implement the proactive approach to breach detection needed to help achieve compliance with the GDPR reporting and notification requirements.

Supplying experienced security professionals, cutting-edge technology and the latest threat intelligence ThreatDetect provides the 24/7 monitoring and incident response capabilities needed to swiftly identify attacks before they result in damage and disruption.

FAQ

Breach reporting FAQs

What constitutes a personal data breach?

The Information Commissioner’s Office (ICO) defines a breach as a lapse of security resulting in ‘unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’.

Breaches could include unauthorised third-party access, accidental transfer of personal data to incorrect recipients, lost or stolen devices containing personal data, or illicit alteration of data or loss of data availability.

Why do I need GDPR monitoring?

Article 33 of the GDPR states that organisations must have robust procedures in place to detect and investigate personal data breaches as well as report them within 72 hours.

Without extensive visibility across your network and endpoints, it can take months to identify a breach and know whether personal data has been compromised.

The cost of conducting post-event investigations will far outweigh the investment in a GDPR monitoring service, which will help to minimise security risk and provide the intelligence needed to quickly identify, remediate and report breaches to compliance standards.

What happens if my business suffers a personal data breach?

If your business suffers a data breach in the UK it must be reported to the Information Commissioner’s Office within 72 hours of discovery.

Information provided should include a description of the breach, including the type and quantity of data compromised, as well as an outline of the likely consequences of the breach and plans of how to tackle it. If the impact of a breach represents a high risk to the rights and freedoms of individuals, those concerned must also be directly notified.

How can I avoid a GDPR fine?

Under GDPR legislation, organisations can be fined up to £17 million or 4% of their global revenue if they fail to implement appropriate measures to prevent, detect and report personal data breaches.

The constantly evolving nature of threats means that no organisation can be expected to completely prevent breaches. The ICO has stated however that organisations that have made demonstrable and proactive efforts to minimise security risks will be looked upon favourably.

What should I look for in a GDPR monitoring service?

Organisations should look for a Managed Detection and Response (MDR) service capable of providing the support and intelligence needed to proactively hunt for threats and the actionable guidance to respond swiftly and effectively to them.

GDPR Solutions

Tailored solutions for GDPR compliance

By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and respond to threats when they occur, Redscan’s managed security and assessment services support swift, hassle-free GDPR compliance.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7

Read more
A range of security assessment services

Assessment Services

Specialist engagements to uncover and address hidden cyber security risks

Read more
A person choosing from a range of Managed Security Services

Managed Security Services

Expert help to manage and monitor your choice of security technologies

Read more

Get in touch

Complete the form for a prompt response from our team.

I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
15th September 2020
Significant number of remote workers use own devices to access company data
A global survey of over 13,000 remote workers has found that 39% of them use their own devices to access data belonging to their employer, often via services and applications hosted in the cloud. Many of the personal devices used to do this were identified as being less secure than corporate devices.
8th September 2020
New research suggests a quarter of company desktops lack security software
New research suggests that almost one in four (23%) of desktop computers and one in five (17%) of laptops supplied by UK employers lack security software. The research also reveals company smartphones to be as exposed to cyber security issues as desktop computers.
1st September 2020
Formal warnings issued about the rise in vishing attacks
The FBI have issued formal warnings about vishing, a new version of phishing in which cybercriminals make voice-over-IP (VoIP) calls to employees they view as vulnerable. The rise of vishing, also known as voice phishing, is thought to be due to the increase in remote working and the use of VPNs.
25th August 2020
96% of UK businesses experienced at least one major cyber-attack over the past year
Research shows that 96% of UK businesses experienced at least one significant cyber-attack over the past year with 65% of respondents stating that their operational technology (OT) had undergone an attack.