
It’s smart to plan and prepare for a data breach

Jim Steven | 4 minute read | Data protection, GDPR

The ability to act quickly after a data breach is essential, and it is expected as part of the General Data Protection Regulation (GDPR). It is only achievable, however, if you have a plan in place.

Current research from Experian and ComRes shows that one in five businesses (21%), across all sizes, has experienced a data breach in the past two years.

As the number of data security incidents rises, so does the risk of financial and reputational damage from each one. How well a business weathers an incident depends directly on the strength of its readiness plan. Plans need to be tailored to the business's various stakeholders and to the diverse scenarios that can present themselves.

A prepared business understands the essential primary considerations: where its high-value assets are held within the organisational structure, what the necessary safeguarding measures are, and what the potential financial exposure is. With those established and a plan prepared in advance, the business can act quickly and strategically both before and after an incident to regain security and protect the brand.

Clean data vs aged data when you need it

In the event of a breach, the importance of clean and up-to-date customer data cannot be overstated. Experian's new statistics show that only 47 percent of businesses of any size say they have clean customer and/or employee data, and the majority (90 percent) review it just once a year.

This has unintended consequences. Uncleansed customer data can severely hamper an organisation's ability to act efficiently in the event of a breach. Finding out new customer details during a crisis is time-consuming, damaging to reputations, and potentially impossible. The right time to be seeking up-to-date customer details is before an emergency strikes, not right after. What's more, the forthcoming GDPR places a duty on all organisations to inform, without undue delay, those individuals whose rights and freedoms could be adversely affected by a breach.

What customers expect from businesses

Beyond the speed of response demanded by GDPR, organisations should also bear in mind how quickly customers expect to be notified. Our research shows that more than half (52%) of people expect to be contacted and notified less than twelve hours after a breach. Only 20 percent of businesses, however, would expect to contact their customers within that timeframe. Clearly, there is a large mismatch, and one that may be difficult for companies to bridge. This is where data cleanliness, data hygiene, and robust, well-defined data processes come into play: they support the best possible response and earn the goodwill of customers affected by the event.

With a thoroughly defined and well-practised data breach response plan in place, none of this need be a major worry. There would be a team or third-party partner ready to notify customers of an incident, and to do so within the legal timeframe. The plan may also provide for a customer call centre that can scale up to deal with the response, with legally pre-approved frequently asked questions to hand. Getting ahead of a problem is, after all, the best way to solve it. If you are not sure how well your organisation could respond to a breach, a good place to start is with a Pre-Breach Assessment. This gives a clear view of the quality, accuracy, and location of your data, which can then help you to plan the tasks you need to complete to be fully prepared.
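The two practical points above, that stale or malformed contact details cannot be fixed during a crisis and that an assessment should tell you the quality and location of your data before one, can be turned into a check that runs on any contact export. The script below is an added example written for this page; it is not Experian's tooling and not part of a Pre-Breach Assessment. It assumes a contact record carries an email, a phone number, the system it came from and the date it was last verified, treats anything verified more than a year ago as stale (the 12-month figure mirrors the annual review cycle quoted above; the threshold itself is an assumption), and the sample records are constructed, not real.

```python
"""Pre-breach contact audit (added example, not Experian's tooling).

Answers the question you want answered before an incident: how many of
our customers could we actually notify today, and from which systems?
A record counts as usable only if it was verified recently and has at
least one channel that passes a basic syntax check.
"""
from dataclasses import dataclass
from datetime import date, timedelta
import re

# Loose syntactic checks: they catch empty, placeholder and mangled values,
# not whether the mailbox or number still belongs to the customer.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+[1-9]\d{6,14}$")  # E.164 form, e.g. +441234567890
MAX_AGE = timedelta(days=365)  # assumption: older than a year counts as stale


@dataclass(frozen=True)
class Contact:
    customer_id: str
    source: str          # system the record lives in (CRM, billing, ...)
    email: str
    phone: str
    last_verified: date  # when the details were last confirmed with the person


def has_channel(c: Contact) -> bool:
    """True if at least one contact channel is syntactically usable."""
    return bool(EMAIL_RE.match(c.email) or PHONE_RE.match(c.phone))


def is_stale(c: Contact, today: date) -> bool:
    """True if the record has not been verified within MAX_AGE."""
    return today - c.last_verified > MAX_AGE


def is_reachable(c: Contact, today: date) -> bool:
    """Usable for notification only if it is fresh and has a channel."""
    return has_channel(c) and not is_stale(c, today)


def audit(contacts, today: date) -> dict:
    """Summarise how much of the contact base could be notified today,
    with a breakdown per source system so you know where the gaps are."""
    report = {"total": len(contacts), "reachable": 0, "stale": 0,
              "no_channel": 0, "by_source": {}}
    for c in contacts:
        src = report["by_source"].setdefault(
            c.source, {"total": 0, "reachable": 0})
        src["total"] += 1
        if is_stale(c, today):
            report["stale"] += 1
        if not has_channel(c):
            report["no_channel"] += 1
        if is_reachable(c, today):
            report["reachable"] += 1
            src["reachable"] += 1
    report["reachable_pct"] = (
        round(100 * report["reachable"] / report["total"], 1)
        if contacts else 0.0)
    return report


# Constructed sample records (not real data), audited as of a fixed date.
TODAY = date(2018, 3, 1)
SAMPLE = [
    Contact("C001", "crm", "ana@example.com", "+441234567890", date(2018, 1, 15)),
    Contact("C002", "crm", "ben@example", "", date(2018, 2, 1)),              # bad email, no phone
    Contact("C003", "billing", "cara@example.org", "01234 567890", date(2016, 6, 30)),  # stale
    Contact("C004", "billing", "", "+33123456789", date(2017, 11, 2)),        # phone only, fresh
    Contact("C005", "support", "dan@example.net", "+15551234567", date(2017, 2, 28)),  # 366 days old
    Contact("C006", "support", "N/A", "n/a", date(2018, 2, 20)),              # placeholders
]

if __name__ == "__main__":
    r = audit(SAMPLE, TODAY)
    print(f"{r['reachable']}/{r['total']} reachable ({r['reachable_pct']}%), "
          f"{r['stale']} stale, {r['no_channel']} with no usable channel")
    for src, s in r["by_source"].items():
        print(f"  {src}: {s['reachable']}/{s['total']}")
```

On the sample data only two of six records are usable, and the support system contributes none, which is exactly the kind of finding you want on a quiet day rather than twelve hours into an incident. The per-source breakdown is there because the fix for a stale CRM export (re-verify on next login) differs from the fix for a billing system that stores phone numbers in a local format the notification tooling cannot dial.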

Having a pre-arranged response plan in place is therefore critical when racing against the clock following a breach. It allows a business to act quickly and prevent further data loss. It means you can respond, reassure and recover, and during a crisis that is a strong position to be in.

Read our whitepaper: Readiness vs reality