Minimise risks with heyData

Data breach - What to do when it happens

Protect your business from potential data breaches. With our all-in-one solution, we help companies meet their compliance requirements and prevent data breaches.

  • Data breach prevention and management
  • Gain customer trust and legal certainty
  • Advice from specialised lawyers

Why should companies avoid potential data breaches?

Article 4 Number 12 of the GDPR defines a "personal data breach" as a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Data breaches can have serious consequences, both for the company and for the data subjects, because the personal data involved may include sensitive information about those individuals. A breach can result in personal data being stolen, altered, or disclosed without authorisation, which in turn can lead to identity theft, reputational damage, and financial loss. Companies that prevent data breaches gain the trust of their customers and avoid possible legal consequences.

Examples of data protection breaches

Data breaches can occur in a number of ways. Here are some examples that companies should be aware of:

  • Loss or theft of storage media or hardware devices, such as USB sticks, smartphones, or laptops, that contain personal data.
  • Unauthorised access to personal data through phishing, hacker attacks, or the theft of access data.
  • Unintentional deletion or modification of data.
  • Sending emails to an open distribution list, so that recipients' personal data is exposed to other, unauthorised recipients.
  • Incorrect disposal of documents containing personal data.

Data breach prevention

To prevent data breaches, it is crucial to implement appropriate security measures. Here are some best practices you should follow:

1. Raise awareness and train employees

Employee training is essential to raise awareness of data protection risks. Staff should be educated on security best practices such as using strong passwords, keeping software up to date, and recognising phishing attempts.
Our staff training is designed to educate employees on various topics related to data protection, cyber security, and compliance to minimise the risk of data breaches and cyber-attacks.

2. Strong access controls

Ensure that access rights to personal data are only granted to authorised individuals. Implement access restrictions and regular audits to ensure that only those employees who need access have it.

3. Data backup and encryption

Regular backups are critical to recovering data in the event of a data breach. You should also encrypt personal data to ensure its confidentiality, both in storage and in transit.

4. Up-to-date security systems

Keep your software and systems up to date by installing security patches and updates regularly. A single piece of outdated, unpatched software can be all an attacker needs to break into your systems.

What are the consequences of a data breach?

A data protection breach can have serious consequences, both financially and in terms of customer trust. The General Data Protection Regulation (GDPR) provides for high fines, which can be up to 4 % of global annual turnover or up to 20 million euros, depending on the severity of the breach.

What to do in case of a data breach?

In the event of a data breach, you should act immediately:

  • Document the breach: Record all relevant information about the data breach in writing.
  • Notify the supervisory authority: Inform the competent data protection authority about the breach.
  • Inform the data subjects: Notify the data subjects about the data breach and the measures taken.
  • Analyse the cause: Investigate the cause of the breach and take measures to prevent similar incidents in the future.

How can heyData help prevent data breaches?

heyData is specifically designed to help businesses meet the requirements of the GDPR and prevent data breaches. Our software offers:

  1. Risk assessment: We help you identify potential risks and vulnerabilities at an early stage to proactively prevent data breaches.
  2. Establishment of technical and organisational measures: We support you in taking all necessary technical and organisational measures to avoid risks and comply with applicable regulations.
  3. Notification system: Should a data breach nevertheless occur, heyData supports you in notifying all necessary bodies in a timely manner.
  4. Documentation of the data breach: In addition to notifying the authority, heyData also creates an internal document containing all relevant information about the data breach in accordance with Art. 33 GDPR.

Frequently asked questions

According to Article 4 Number 12 of the General Data Protection Regulation, a data breach is a breach of security that accidentally or unlawfully results in the destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

Identifying a data breach can be complex. Signs may include unusual system activity, reports of stolen or lost devices, or unexplained data loss. According to Article 33 paragraph 1 of the GDPR, regular monitoring is required to identify such incidents.

According to Article 33 paragraph 1 of the General Data Protection Regulation, if you discover a data breach, you must notify the competent data protection authority without undue delay and, where possible, within 72 hours of becoming aware of the breach. The notification should also describe the mitigation measures taken, such as resetting passwords or blocking access.

Failure to report a data breach can result in significant fines under Article 83 of the GDPR. These can be up to €20 million or up to 4% of annual global turnover, whichever is higher.

As an affected person, you have first and foremost the right to be informed of the data breach in accordance with Article 34 of the GDPR, as well as the right to lodge a complaint with the competent data protection authority in accordance with Article 77 of the GDPR. Finally, you may also be entitled to financial compensation.