CB Comply: DSAR & data breach response

GDPR data breach and DSAR response

Getting in front of a data breach or data subject access request.

Much time has passed since the implementation of the GDPR and Data Protection Act (DPA) in 2018 and the Information Commissioner’s Office (ICO) has now started to show its teeth. Record fines have been issued to British Airways and the Marriott hotel chain and there will doubtless be more to follow.

Organisations should now have their ‘house in order’, in terms of data protection policies, procedures and security. However, even the most compliant of organisations will at some point be approached for a DSAR (Data Subject Access Request) or suffer a data breach. How your business deals with that breach or request could be the difference between a small ‘slap on the wrist’ and much more serious enforcement action, along with the painful damage to brand and reputation that can follow.

How Collyer Bristow can help:

DATA BREACH RESPONSE

Data controllers may be required to report a data breach to the ICO without undue delay and, where feasible, not later than 72 hours after becoming aware of it. If faced with a data breach, Collyer Bristow’s dedicated Data Protection Team can work with you to ensure that your response is handled correctly and within the time limits. We’ll advise whether the breach is serious enough to be reported to the ICO and/or data subjects and guide you through the notification process. Should the ICO issue enforcement actions against you, we can advise you on how to respond and implement any remedial changes required to your policies and procedures.

Any data breach can cause reputational damage: misuse of data increasingly has serious consequences for a company’s image. A lost laptop, a disgruntled employee utilising data, or a mismanaged marketing campaign can seriously affect customer trust and public perception. With social media, the impact can be swift and difficult to mitigate. Our team can move quickly to help you build a response plan to limit the possible brand and reputational damage that can result from a serious breach.

DATA SUBJECT ACCESS REQUEST (DSAR) RESPONSE

Under the GDPR and DPA, the rules governing how you respond to requests from individuals to access the personal data that you hold on them, known as Data Subject Access Requests (DSARs), have been tightened up. You must act on a DSAR without delay and in most cases respond within one month. We can help you to put suitable policies and procedures in place and advise you on the practicalities of preparing a response which complies with the law.

DATA PROTECTION TRAINING

Policies and procedures are only effective if they are both familiar and well-understood. We can provide your management team, your compliance team and/or your sales and marketing team with bespoke training to advise them on a wide range of issues around GDPR and data protection, including all or some of the following:

  • Knowing what policies and procedures there are and what they say;
  • Identifying situations with a high risk of a data breach or a significant non-compliance;
  • Dealing efficiently with Data Subject Access Requests (DSARs) and other rights asserted by data subjects;
  • Responding quickly and effectively to a serious data breach;
  • Managing and minimising the reputation ‘fall-out’ following a major data breach;
  • Responding to enforcement actions and enquiries from the ICO;
  • Ensuring improved compliance with the GDPR and DPA.

“It would be a mistake for organisations to get complacent about the GDPR, the ICO has very real powers and is starting to take a tough line.”

Patrick Wheeler

Collyer Bristow LLP