Under the GDPR and DPA companies must implement appropriate security measures to protect personal data. Breaches place the physical and financial security of customers and organisations at risk and can severely damage firms’ reputations. Any personal data breach must be reported to the ICO within 72 hours of discovery unless it can be demonstrated that it is unlikely to result in a risk to individuals’ rights and freedoms.
Here are several resources on how to protect your data in accordance with legal requirements and what to do in the case of a data breach.
Links
- National Cyber Security Centre: Information for Small and Medium Sized Organisations
- National Cyber Security Centre: Information for Large Organisations
- National Cyber Security Centre: Helping banish malicious adverts and drive a secure advertising ecosystem
- ICO Guidance on Security Outcomes
- ICO Guidance: A guide to data security
