Develop an Incident Response Plan

Develop an incident response plan before a security breach occurs

A key intervention for GDPR is the development of an incident response plan. Showing evidence of having a plan in place to account for the risk of a cyber breach, and executing on that plan if a breach does occur, is a vital way to mitigate legal liability and reputational harm.

An incident response plan directly helps to mitigate legal liability by ensuring, for example, that breach notification requirements and procedures are already known and can be implemented upon discovering a breach. Some regulations can impose short notification turnaround times, such as 72 hours. Failure to meet these notification deadlines could lead to penalties, where the relevant regulation provides for them, and to reputational harm.