For companies that don’t have a data breach response plan yet, the task of achieving General Data Protection Regulation (GDPR) compliance might feel overwhelming. Article 33 of the regulation, which went into effect on May 25, 2018, sets a strict timeline for breach disclosure. It mandates that “the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority.”

Companies have 72 hours — and the clock is ticking.

What does an organization need to do to report a data breach within this 72-hour window? Overwhelmed or not, enterprises must adapt to the reality of this tight deadline and have a plan in place to meet it in the event of data compromise.

Start the Timer: Your Data Breach Response Plan

According to GDPR, a data breach report should include a description of the nature of the incident, the number of records potentially compromised, the likely consequences of the breach and the organization’s plans for remediation.

Does this sound like a tall order? It’s worth noting that there’s some flexibility in the reporting requirement. Article 33 states that if a company misses the 72-hour deadline, it must include a valid reason for the delay when it does report the breach.

Of course, this isn’t a license to rest on your laurels.

“The key thing that the regulatory authorities will look for is transparency and accountability and that you can demonstrate that you have started your journey,” said Brian Honan, CEO of BH Consulting, in a May 2018 interview with Information Security Media Group.

Against the Clock: Strike a Balance Between Productivity and Data Security

Companies can no longer defend themselves against cyberthreats by relying solely on antivirus software and firewall protections — especially when it comes to securing customer data. This reality is why it’s critical to understand the data your organization holds and have a policy for managing it throughout its life cycle. Holding onto assets that no longer have value only puts companies at risk.

Companies can better secure their data by implementing breach detection technologies that identify anomalous patterns. These tools provide data visibility, including a timeline of the attack. Some tools also provide artificial intelligence (AI)-powered monitoring capabilities and insight into storage environments from the cloud.

Successful breach prevention requires a proper balance between enabling productivity and protecting assets. This is why it’s crucial to adopt a proactive security plan capable of adapting to today’s evolving threat landscape.

Time Flies: Monitor Users to Understand Insider Threats

Earlier this year, a healthcare savings institution suffered a data breach after an employee’s email account was compromised, according to Infosecurity Magazine. Two days after an unauthorized user accessed the account, the malicious activity was detected, the account was destroyed and a forensics firm launched an investigation. That’s almost record-breaking dwell time — and an indication that the company proactively monitors users to identify potential insider threats.

“Often, attacks like these target privileged users with access to sensitive or valuable systems or data,” said Sam Elliott, director of security product management at remote support company Bomgar. “While companies are aware of this, providing security around these types of users without limiting their ability to do their jobs effectively is difficult.”

One way to address the threat of malicious insiders is to clearly define privileged users and install controls that allow employees to only access what they need to perform their jobs. By monitoring user behavior, security teams can establish a pattern of regular activity and quickly raise red flags when anomalies occur.

Insider threats are often not malicious, but attackers frequently aim to compromise user credentials through social engineering tactics. The ability to recognize changes in user behaviors allows analysts to detect incidents and respond more quickly — reducing dwell time and minimizing the impact of a breach.
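The baseline-and-deviation approach described in this section can be sketched as follows. This is an added example, not code from the article or from any product it mentions: the log format, user names, sample records and the one-hour tolerance are constructed assumptions, and treating the alert time as the moment the organization "became aware" for the 72-hour window is also an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def parse(line):
    ts, user, country = line.split()  # constructed "timestamp user country" record
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc), user, country

def build_baseline(lines):
    """Record, per user, the countries and hours of day seen in normal activity."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for ts, user, country in map(parse, lines):
        baseline[user]["countries"].add(country)
        baseline[user]["hours"].add(ts.hour)
    return baseline

def flag_anomalies(baseline, lines, hour_slack=1):
    """Return (timestamp, user, reasons) for sign-ins that deviate from the baseline."""
    alerts = []
    for ts, user, country in map(parse, lines):
        profile = baseline.get(user)
        if profile is None:
            alerts.append((ts, user, ["no baseline for user"]))
            continue
        reasons = []
        if country not in profile["countries"]:
            reasons.append(f"new country {country}")
        # Circular distance so 23:00 and 00:00 count as one hour apart.
        if all(min((ts.hour - h) % 24, (h - ts.hour) % 24) > hour_slack for h in profile["hours"]):
            reasons.append(f"unusual hour {ts.hour:02d}:00 UTC")
        if reasons:
            alerts.append((ts, user, reasons))
    return alerts

def notification_deadline(aware_at):
    """72 hours after awareness; treating the alert time as awareness is an assumption."""
    return aware_at + timedelta(hours=72)

# Constructed sample sign-ins (not from the article).
HISTORY = [
    "2018-06-04T08:12:00 alice IE", "2018-06-06T16:40:00 alice IE",
    "2018-06-04T13:20:00 bob GB", "2018-06-05T14:05:00 bob GB",
]
NEW_EVENTS = [
    "2018-06-11T08:55:00 alice IE",  # within baseline
    "2018-06-11T03:17:00 alice BR",  # new country and unusual hour
    "2018-06-11T15:10:00 bob GB",    # within one hour of baseline
    "2018-06-11T10:00:00 carol IE",  # user with no history
]
for ts, user, reasons in flag_anomalies(build_baseline(HISTORY), NEW_EVENTS):
    print(user, "; ".join(reasons), "| notify by", notification_deadline(ts).isoformat())
```

Recording the alert timestamp alongside the computed deadline gives responders the attack timeline and the reporting cutoff in the same record.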

Beat the Clock: Develop and Implement an Incident Response Plan

Many companies will struggle to report incidents within the mandated 72-hour window. IBM recommends tapping the expertise of a computer security incident response team (CSIRT) to address challenges related to post-breach response and resilience. Also, security teams must establish and follow a comprehensive incident response plan designed to help the organization meet compliance in the aftermath of a breach.

The very process of developing an incident response plan will reveal weaknesses in existing security strategies. Once established, the plan should regularly be tested. This tactic will enable organizations to strengthen business continuity and disaster recovery operations to minimize the impact of a breach and the disruption that typically follows. More importantly, it will help them stay on the right side of GDPR compliance today and in the future.
