Data leaks and data breaches are increasingly in the news. Whether in government, in a hospital or at a web shop, every organization has to deal with them. The Dutch Data Protection Authority received about 24,000 reports of data breaches last year and the number of hacking, malware or phishing incidents increased by 30%. But what exactly is a data breach?
A data breach is when confidential, personal, or other sensitive information is leaked into an insecure environment. Data breaches can occur accidentally or as a result of deliberate attacks.
Millions of people are affected by data breaches each year. They range from doctors accidentally viewing fake patient medical records to full-scale attempts to access government computers and steal sensitive information.
Data breaches are a major security risk because sensitive data is constantly transmitted over the Internet. This continuous flow of information allows attackers to attempt data breaches against virtually any individual or organization, anywhere. Companies around the world also store data in digital form. Servers where data is stored are often vulnerable to various forms of cyberattacks.
Under the privacy law, the GDPR, a data breach occurs when a third party has gained unauthorized access to sensitive personal data such as credit card numbers, bank account details and health information. The most common examples of data breaches are:
Large enterprises are prime targets for attackers trying to cause data breaches because they provide a huge payload. This payload can include millions of users’ personal and financial information, such as login information and credit card numbers. All this data can be resold on the underground market.
However, attackers target anyone from whom they can extract data. Any private or confidential data is valuable to a cybercriminal – usually, someone in the world is willing to pay to get it.
The GDPR is very broad on what a data breach means, but more specific on how to deal with it. Article 33 of the GDPR is entitled “Notification of Personal Data Breach to Supervisory Authorities” and lays out in clear language the due process in the event of a personal data breach. The company must report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.
Reports to supervisory authorities should include some specific information, such as:
When a data breach has been reported on time, there are no further problems to worry about. However, if the security is not in order and the data leak has been reported too late, this can lead to an investigation and a fine for insufficient security. Reporting late with a poorly secured website can lead to a fine of up to ten million euros or 2% of the organization’s annual global turnover.
Data breaches often involve intentional and malicious actions to gain access to secure data. This includes cyberattacks such as phishing and ransomware.
On the other hand, a data leak is the result of an accident in which data is accidentally exposed. This can happen with poor data security and hygiene, outdated systems, and lack of staff training.
The line between a data breach and a data leak is blurred. The conditions that allow a cyber-attacker to carry out a data breach are often present in data leaks.
No organization is immune to data breaches. Even if a company is confident in the security of its business, it’s still a good idea to invest in an up-to-date data breach response plan before it becomes a problem. The details of your response plan will vary depending on the needs of your organization. Fortunately, there are checklists that serve as a solid guide to most data breach response plans. The Australian Information Commissioner’s Office has compiled a guide that you can follow. Make sure your response plan includes:
In the coming years, the amount of data will grow even further. As more information moves to the cloud, cyberattacks will become more common. Employees need to know what a data breach is, what to do if they come across one, and what the possible consequences of not reporting it to the Data Protection Authority may be. Nixon Digital Services helps you map your digital landscape, so you can be assured of sustainable changes that prevent privacy issues and data breaches.