Identifying a data breach under the GDPR (General Data Protection Regulation) – as well as determining who has been affected, how extensive it is and how it happened – within 72 hours can pose a challenge for any organisation.
With the threat of a data breach becoming increasingly imminent, it is vital that you are prepared to respond in a crisis.
We will help you respond to an incident or data breach quickly and in line with the GDPR’s requirements so that you can resume your normal business operations with minimal disruption and hassle.
Everything you need to comply with the GDPR’s data breach reporting requirements, all in one place, at a fixed cost.
“I would like to thank you very personally for being such a steadying and calm influence on the preparation process for the initial submission and for working on Saturday to get it done and in. It was an enormous relief to have someone of your experience to draw on in the first few hours of dealing with this nasty incident.” – Client name withheld for confidentiality reasons.
1. Reviewing and assessing the nature of the breach.
2. Making a considered decision as to whether the breach needs to be reported to the ICO.
3. Liaising with the single point of contact within your organisation.
4. Advising on the immediate steps to take to protect your organisation and its data subjects.
5. Liaising with the ICO, including responding to and following up on its questions.
6. Notifying data subjects if appropriate.
7. Forensic analysis via our trusted partners, if required (additional cost).
With our retainer service you will already be set up as a client, with a pre-approved breach response plan and payment taken care of, meaning we can help you immediately when time is of the essence.
Breach support is available between Monday and Friday, 9:00 am to 5:30 pm, GMT/BST, in line with the Information Commissioner’s Office.
The cost of forensic investigations is not included in the price.
Led by our management team of experienced DPOs (data protection officers), lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and data subject access request support, and associated non-reserved legal services.
We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.
GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment tool which allows organisations to measure their performance against the National Data Guardian’s 10 data security standards, providing the assurance (to all NHS clients) that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law is able to assist you with all your data privacy requirements.
If you need assistance to become compliant with the DSP Toolkit, our sister company IT Governance Ltd offers several options to help you complete this exacting requirement.
If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts who will be able to assist with your enquiry and provide guidance options.