What You Need to Know About GDPR Breach Disclosure, Response
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
Under Articles 33 & 34 of the General Data Protection Regulation, a personal data breach must be disclosed to supervisory authorities and data subjects “without undue delay and, where feasible, not later than 72 hours” unless certain conditions are met. The current average discovery to notification time frame is 29.1 days, so significant improvement is needed in order to comply with GDPR standards.