For companies that don’t have a data breach response plan yet, the task of achieving General Data Protection Regulation (GDPR) compliance might feel overwhelming. Article 33 of the regulation, which went into effect on May 25, 2018, sets a strict timeline for breach disclosure. It mandates that “the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.”

Companies have 72 hours — and the clock is ticking.

What does an organization need to do to report a data breach within this 72-hour window? Overwhelmed or not, enterprises must adapt to the reality of this tight deadline and have a plan in place to meet it in the event of data compromise.

Start the Timer: Your Data Breach Response Plan

According to GDPR, a data breach report should include a description of the nature of the incident, the number of records potentially compromised, the likely consequences of the breach and the organization’s plans for remediation.

Does this sound like a tall order? It’s worth noting that there’s some flexibility in the reporting requirement. Article 33 states that if a company misses the 72-hour deadline, it must include a valid reason for the delay when it does report the breach.

Of course, this isn’t a license to rest on your laurels.

“The key thing that the regulatory authorities will look for is transparency and accountability and that you can demonstrate that you have started your journey,” said Brian Honan, CEO of BH Consulting, in a May 2018 interview with Information Security Media Group.

Against the Clock: Strike a Balance Between Productivity and Data Security

Companies can no longer defend themselves against cyberthreats by relying solely on antivirus software and firewall protections — especially when it comes to securing customer data. This reality is why it’s critical to understand the data your organization holds and have a policy for managing it throughout its life cycle. Holding onto assets that no longer have value only puts companies at risk.

Companies can better secure their data by implementing breach detection technologies that identify anomalous patterns. These tools provide data visibility, including a timeline of the attack. Some tools also provide artificial intelligence (AI)-powered monitoring capabilities and insight into storage environments from the cloud.

Successful breach prevention requires a proper balance between enabling productivity and protecting assets. This is why it’s crucial to adopt a proactive security plan capable of adapting to today’s evolving threat landscape.

Time Flies: Monitor Users to Understand Insider Threats

Earlier this year, a healthcare savings institution suffered a data breach after an employee’s email account was compromised, according to Infosecurity Magazine. Two days after an unauthorized user accessed the account, the malicious activity was detected, the account was destroyed and a forensics firm launched an investigation. That’s almost record-breaking dwell time — and an indication that the company proactively monitors users to identify potential insider threats.

“Often, attacks like these target privileged users with access to sensitive or valuable systems or data,” said Sam Elliott, director of security product management at remote support company Bomgar. “While companies are aware of this, providing security around these types of users without limiting their ability to do their jobs effectively is difficult.”

One way to address the threat of malicious insiders is to clearly define privileged users and install controls that allow employees to only access what they need to perform their jobs. By monitoring user behavior, security teams can establish a pattern of regular activity and quickly raise red flags when anomalies occur.

Insider threats are often not malicious, but attackers frequently aim to compromise user credentials through social engineering tactics. The ability to recognize changes in user behaviors allows analysts to detect incidents and respond more quickly — reducing dwell time and minimizing the impact of a breach.
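The baseline-and-anomaly approach described above, as an added example that is not part of the original article: it builds each user's normal sign-in pattern from a constructed history, flags departures from it (off-hours access, a first external source, a resource never touched before) and computes the dwell time between the first flagged event and detection, which comes to 48 hours for the constructed data, the two-day figure cited above. The corporate address range, user names and events are all constructed.

```python
# Added example, not from the article: baseline each user's sign-ins, flag deviations, measure dwell time.
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.20.0.0/16")  # assumed corporate address range (constructed)
# Constructed sample events: (timestamp, user, source IP, resource)
HISTORY = [
    ("2018-06-04T08:55:00", "alice", "10.20.1.15", "mailbox"),
    ("2018-06-05T09:10:00", "alice", "10.20.1.15", "mailbox"),
    ("2018-06-06T17:30:00", "alice", "10.20.1.22", "hr-db"),
    ("2018-06-07T09:05:00", "alice", "10.20.1.15", "mailbox"),
]
NEW_EVENTS = [
    ("2018-06-09T03:12:00", "alice", "203.0.113.7", "mailbox"),         # off-hours, external
    ("2018-06-09T03:40:00", "alice", "203.0.113.7", "payroll-export"),  # resource never used
    ("2018-06-11T09:00:00", "alice", "10.20.1.15", "mailbox"),          # routine
]

def build_baseline(events):
    """Per user: hours of day seen, resources touched, whether every access was internal."""
    base = defaultdict(lambda: {"hours": set(), "resources": set(), "internal_only": True})
    for ts, user, ip, res in events:
        b = base[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["resources"].add(res)
        b["internal_only"] &= ip_address(ip) in CORP_NET
    return base

def find_anomalies(baseline, events):
    """Return (event, reasons) for each event that departs from the user's baseline."""
    flagged = []
    for ev in events:
        ts, user, ip, res = ev
        b = baseline[user]  # a never-seen user gets an empty baseline, so everything is flagged
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        if not any(abs(hour - h) <= 1 for h in b["hours"]):  # allow one hour of slack
            reasons.append("outside usual hours")
        if b["internal_only"] and ip_address(ip) not in CORP_NET:
            reasons.append("first external source")
        if res not in b["resources"]:
            reasons.append(f"new resource {res}")
        if reasons:
            flagged.append((ev, reasons))
    return flagged

def dwell_hours(anomalies, detected_at):
    """Hours from the first anomalous event to the moment the activity was detected."""
    first = min(datetime.fromisoformat(ev[0]) for ev, _ in anomalies)
    return (datetime.fromisoformat(detected_at) - first).total_seconds() / 3600
```

In a real deployment the baseline would be built from a much longer window and the thresholds tuned per role, but the shape of the check is the same: learn what normal looks like for each privileged user, then alert on the first departure rather than after the data has left.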

Beat the Clock: Develop and Implement an Incident Response Plan

Many companies will struggle to report incidents within the mandated 72-hour window. IBM recommends tapping the expertise of a computer security incident response team (CSIRT) to address challenges related to post-breach response and resilience. Security teams must also establish and follow a comprehensive incident response plan designed to keep the organization compliant in the aftermath of a breach.

The very process of developing an incident response plan will reveal weaknesses in existing security strategies. Once established, the plan should regularly be tested. This tactic will enable organizations to strengthen business continuity and disaster recovery operations to minimize the impact of a breach and the disruption that typically follows. More importantly, it will help them stay on the right side of GDPR compliance today and in the future.
