CHAPTER 14: INCIDENT RESPONSE MANAGEMENT AND REPORTING
It is critical that organisations be prepared to respond to security breaches in respect of personal data. It has become a truism to say that, sooner or later, every single organisation suffers a data breach. Multiple surveys and reports demonstrate that most organisations are subject to multiple breaches in a year of varying sizes and impacts. The issue is not “if” but “when”. When there is a data breach, you need to have in place a response mechanism that enables you to respond quickly and effectively.
Under the Regulation, a personal data breach is not merely marked by the loss of the data to an outside party, but is more broadly defined:
‘personal data breach’ means a breach of security ...