A Firm's Data Protection Arrangements

What is a Personal data breach?

A personal data breach is a security incident where personal and confidential information is stolen by (or accessible to) another individual who was not supposed to have access to it. The information can include a person’s name, birth date, street address, health care history, customer lists, Social Security number, and bank account information. Data breaches can be both intentional and unintentional.

How does a data breach impact a company?

• Reputational damage - lost confidence, negative press, associated identity theft, and potential customer’s views toward your company can take a hit
• Operational damage - from the moment your data is compromised to the entire investigation and recovery process, the effects of a data breach significantly impact business operations
• Legal ramifications - The law allows for affected consumers to be compensated via lawsuits and settlements
• Financial loss - fines or penalties, containing the breach, compensating the affected customers, managing changed stock valuations and heightening the security are all material financial consequences

How can a company fulfil accountability?

Compliance with GDPR is part of fulfilling accountability. Some things that help a company demonstrate accountability are:

1. Data Protection Officer (DPO) - person who will be formally assigned and tasked with ensuring that a company remains aware of data protection responsibilities and complies with its data protection responsibilities
2. Maintaining Records of Processing Activities - This is a legal obligation that companies maintain records of personal data processing activities
3. Data Protection Impact Assessment or DPIA - a process to help you and your company to identify and minimise the data protection risks of a project
4. An EU representative is also necessary if a company monitors the behaviour of individuals in the EU
5. A company must keep a log of all decisions relating to data protection and GDPR compliance