There is a lot you need to do after you discover a data breach, so it’s a good idea to keep a checklist. This will help you keep track of your progress during a hectic few days and ensure that you’ve done everything necessary to comply with the EU GDPR (General Data Protection Regulation).

We recommend using a list such as this:

- Find out what types of data are affected.
- Find out how many records are affected.
- Work out how the breach happened. Who and/or what was responsible?
- Stop the breach from escalating.
- Instigate business continuity plan.
- Determine whether the ICO needs to be notified.
- Determine whether affected individuals need to be notified.
- Establish ways for affected individuals to contact you.
- Contact the ICO (if necessary).
- Contact affected individuals (if necessary).

For advice on how you can complete each task, take a look at the guide below. We’ve split the checklist into five categories to demonstrate how the steps work together.

1. Identify the extent of the breach

The first thing you need to do is determine the scale of the breach. That means finding out the types of data involved (names, email addresses, financial records, etc.) and the number of records that have been compromised.