For companies that don’t have a data breach response plan yet, the task of achieving General Data Protection Regulation (GDPR) compliance might feel overwhelming. Article 33 of the regulation, which went into effect on May 25, 2018, sets a strict timeline for breach disclosure. It mandates that “the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.”

Companies have 72 hours — and the clock is ticking.

What does an organization need to do to report a data breach within this 72-hour window? Overwhelmed or not, enterprises must adapt to the reality of this tight deadline and have a plan in place to meet it in the event of data compromise.

Start the Timer: Your Data Breach Response Plan

According to GDPR, a data breach report should include a description of the nature of the incident, the number of records potentially compromised, the likely consequences of the breach and the organization’s plans for remediation.

Does this sound like a tall order? It’s worth noting that there’s some flexibility in the reporting requirement. Article 33 states that if a company misses the 72-hour deadline, it must include a valid reason for the delay when it does report the breach.

Of course, this isn’t a license to rest on your laurels.

“The key thing that the regulatory authorities will look for is transparency and accountability and that you can demonstrate that you have started your journey,” said Brian Honan, CEO of BH Consulting, in a May 2018 interview with Information Security Media Group.

Against the Clock: Strike a Balance Between Productivity and Data Security

Companies can no longer defend themselves against cyberthreats by relying solely on antivirus software and firewall protections — especially when it comes to securing customer data. This reality is why it’s critical to understand the data your organization holds and have a policy for managing it throughout its life cycle. Holding onto assets that no longer have value only puts companies at risk.

Companies can better secure their data by implementing breach detection technologies that identify anomalous patterns. These tools provide data visibility, including a timeline of the attack. Some tools also provide artificial intelligence (AI)-powered monitoring capabilities and insight into storage environments from the cloud.

Successful breach prevention requires a proper balance between enabling productivity and protecting assets. This is why it’s crucial to adopt a proactive security plan capable of adapting to today’s evolving threat landscape.

Time Flies: Monitor Users to Understand Insider Threats

Earlier this year, a healthcare savings institution suffered a data breach after an employee’s email account was compromised, according to Infosecurity Magazine. Two days after an unauthorized user accessed the account, the malicious activity was detected, the account was destroyed and a forensics firm launched an investigation. That’s almost record-breaking dwell time — and an indication that the company proactively monitors users to identify potential insider threats.

“Often, attacks like these target privileged users with access to sensitive or valuable systems or data,” said Sam Elliott, director of security product management at remote support company Bomgar. “While companies are aware of this, providing security around these types of users without limiting their ability to do their jobs effectively is difficult.”

One way to address the threat of malicious insiders is to clearly define privileged users and install controls that allow employees to only access what they need to perform their jobs. By monitoring user behavior, security teams can establish a pattern of regular activity and quickly raise red flags when anomalies occur.

Insider threats are often not malicious, but attackers frequently aim to compromise user credentials through social engineering tactics. The ability to recognize changes in user behaviors allows analysts to detect incidents and respond more quickly — reducing dwell time and minimizing the impact of a breach.

Beat the Clock: Develop and Implement an Incident Response Plan

Many companies will struggle to report incidents within the mandated 72-hour window. IBM recommends tapping the expertise of a computer security incident response team (CSIRT) to address challenges related to post-breach response and resilience. Also, security teams must establish and follow a comprehensive incident response plan designed to help the organization meet compliance in the aftermath of a breach.

The very process of developing an incident response plan will reveal weaknesses in existing security strategies. Once established, the plan should regularly be tested. This tactic will enable organizations to strengthen business continuity and disaster recovery operations to minimize the impact of a breach and the disruption that typically follows. More importantly, it will help them stay on the right side of GDPR compliance today and in the future.

Read more content to help you prepare for GDPR compliance

More from Data Protection

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read

Understanding the Backdoor Debate in Cybersecurity

3 min read - The debate over whether backdoor encryption should be implemented to aid law enforcement has been contentious for years. On one side of the fence, the proponents of backdoors argue that they could provide valuable intelligence and help law enforcement investigate criminals or prevent terrorist attacks. On the other side, opponents contend they would weaken overall security and create opportunities for malicious actors to exploit. So which side of the argument is correct? As with most debates, the answer isn't so…

3 min read