Whereas investigations under the current legislation are more reactive to breaches, GDPR investigations are intended to be more outcome-focused and risk-based.
The ICO (Information Commissioner’s Office) will expect any business that has to report a data protection breach to be able to demonstrate exactly what steps it had taken to try to prevent such a breach from occurring.
An organisation will need to show it has taken appropriate technical and organisational measures and will be expected to demonstrate that it has taken all proportionate steps to ensure compliance.
For example, there will need to be a clear demonstration of proper policies and procedures relating to the handling and processing of personal data and procedures in place to detect, report and investigate any breach.
After May 2018, it will be a requirement for the ICO to be correctly notified within 72 hours should any breach occur. Any such notification must contain specific information including details of the breach, the likely consequences and measures taken at that stage to mitigate the damage.
In the event of a breach occurring, it is vital that expert legal advice is obtained as quickly as possible. Richard Nelson LLP has experienced lawyers who can assist you. If you require assistance of this nature, please contact us today.
What we do...
Richard Nelson LLP currently offers a range of services relating to ICO investigations and Data Protection Act 1998 breaches. As soon as GDPR comes into force, we will be able to offer comparable services for investigations into GDPR breaches: