Minimise risks with heyData
Data breach - What to do when it happens
Protect your business from potential data breaches. With our all-in-one solution, we help companies meet their compliance requirements and prevent data breaches.
Data breach prevention and management- Gain customer trust and legal certainty
- Advice from specialised lawyers
Table of contests
According to Article 4 Number 12 of the GDPR, a data breach is a "personal data breach". Data breaches can have serious consequences, both for the company and for the data subjects. It is about the protection of personal data, which may include sensitive data about the data subject. Data breaches can cause personal data to be stolen, altered, or disclosed without authorisation. This can lead to identity theft, reputational damage, and financial loss. Companies that prevent data breaches gain the trust of their customers and also prevent possible legal consequences.
Data breaches can occur in a number of ways. Here are some examples that companies should be aware of:
- Loss or theft of storage media or hardware devices, such as USB sticks, smartphones, or laptops, that contain personal data.
- Unauthorised access to personal data through phishing, hacker attacks, or the theft of access data.
- Unintentional deletion or modification of data.
- Sending open distribution list emails that leak personal data to unauthorised recipients.
- Incorrect disposal of documents containing personal data.
To prevent data breaches, it is crucial to implement appropriate security measures. Here are some best practices you should follow:
1. Raise awareness and train employees
Employee training and awareness are essential to raise awareness of data protection risks. Staff should be educated on best security practices such as using strong passwords, regularly updating software, and identifying phishing attempts.
Our staff training is designed to educate employees on various topics related to data protection, cyber security, and compliance to minimise the risk of data breaches and cyber-attacks.
2. Strong access controls
Ensure that access rights to personal data are only granted to authorised individuals. Implement access restrictions and regular audits to ensure that only those employees who need access have it.
3. Data backup and encryption
Regular backups are critical to recovering data in the event of a data breach. You should also encrypt personal data to ensure its confidentiality, both in storage and in transit.
4 Up-to-date security systems
Keep your software and systems up to date by installing security patches and updates regularly. Outdated software can be enough for a hacker to break into your systems.
A data protection breach can have serious consequences, both financially and in terms of customer trust. The General Data Protection Regulation (GDPR) provides for high fines, which can be up to 4 % of global annual turnover or up to 20 million euros, depending on the severity of the breach.
In the event of a data breach, you should act immediately:
- Document the breach: Record all relevant information about the data breach in writing.
- Notify the supervisory authority: Inform the competent data protection authority about the breach.
- Inform the data subjects: Notify the data subjects about the data breach and the measures taken.
- Analyse the cause: Investigate the cause of the breach and take measures to prevent similar incidents in the future.
heyData is specifically designed to help businesses meet the requirements of the GDPR and prevent data breaches. Our software offers:
- Risk assessment: We help you identify potential risks and vulnerabilities at an early stage to proactively prevent data breaches.
- Establishment of technical and organisational measures: We support you in taking all necessary technical and organisational measures to avoid risks and comply with applicable regulations.
- Notification system: Should a data breach nevertheless occur, heyData supports you in notifying all necessary bodies in a timely manner.
- Documentation of the data breach: In addition to notifying the authority, heyData also creates an internal document containing all relevant information about the data breach in accordance with Art. 33 GDPR.
Discover the advantages of an external data protection officer now!
Hear it From Our Customers
"heyData impressed us with their digital software solution and expertise. Like us, heyData is a digital pioneer in a rather traditional and less digital industry. heyData is a strong partner for the BRZ Group."
Markus Schobert
Head of Customer Service at BRZ Gruppe
"heyData is a great help for us and makes the topic of data protection really easy.We are very satisfied with the digital audit, the online training and the customer support."
Leonard von Kleist
CTO & Co-Founder at Hive Technologies GmbH
"I value this feature for its ability to simplify supplier risk assessment.It is an indispensable tool for anyone dealing with data compliance in the European Union and Switzerland."
Jan Stephan
Head of Legal Affairs at Learnship
"As a customer, we have only had good experiences with heyData's support and communication.Questions were answered in detail, responses were always prompt and personal 1-1 support is also no problem."
Roman Georgi
Director Of Customer Support at AMBOSS
"It is a flexible solution that could be ideally tailored to our needs. Now everything is always up to date in terms of data protection."
Frank
Sales at Frank GmbH
"We always receive competent and prompt advice from heyData and have so far been able to find a satisfactory solution to every question relating to the GDPR or data protection in general."
Nikolai
CTO at Instaffo GmbH
Frequently asked question
According to Article 4 - number 12 - of the General Data Protection Regulation, a data breach is a breach of security that accidentally or unlawfully results in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.
Identifying a data breach can be complex. Signs may include unusual system activity, reports of stolen or lost devices, or unexplained data loss. According to Article 33 paragraph 1 of the GDPR, regular monitoring is required to identify such incidents.
According to Article 33 paragraph 1 of the General Data Protection Regulation, if you discover a data breach, you must notify the competent data protection authority without undue delay and, where possible, within 72 hours of becoming aware of the breach. This should include mitigation measures such as changing passwords or blocking access.
Failure to report a data breach can result in significant fines under Article 83 of the GDPR. These can be up to €20 million or up to 4% of annual global turnover, whichever is higher.
As an affected person, you have first and foremost the right to be informed of the data breach in accordance with Article 34 of the GDPR, as well as the right to lodge a complaint with the competent data protection authority in accordance with Article 77 of the GDPR. Finally, you may also be entitled to financial compensation.