ECOVIS ProventusLaw keeps you up-to-date with recent news and legislative changes relevant to the business. This time, ECOVIS ProventusLaw’s Data Protection team has prepared a summary on how to prevent potential data breaches and what to do in case of a personal data breach.
Firstly, ECOVIS ProventusLaw points out that organizations are required to carry out a risk assessment in all cases. Depending on the identified risks and on the nature, scope, context and purpose of the processing, appropriate technical and organizational measures ensuring the security of the processed data must be implemented. A list of such measures is available on the Lithuanian Data Protection Authority’s website.
When implementing / developing security measures, financial institutions are also required to comply with the Resolution of the Board of the Bank of Lithuania No 03-174 on the approval of the Description of Requirements for Information and Communication Technology and Security Risk.
The GDPR principle of accountability requires every company not only to ensure compliance with the principles and rules of the GDPR, but also to demonstrate that they are being followed within the company.
Implementing the responsibilities arising from the principle of accountability is an ongoing process; therefore, it is essential to ensure and maintain the necessary procedures and policies, to train and enforce staff and to establish appropriate internal governance and control.
What to do in the event of a personal data security breach
The most urgent
- Upon becoming aware of a possible security breach, inform the responsible persons: IT and security specialists and the data protection officer (consult with him/her on investigating and controlling the incident and on submitting a report to VDAI and data subjects).
- Isolate compromised devices during a cyber-attack.
- Each security incident must be investigated in detail and its causes determined.
- Inform the responsible authorities.
- Inform customers and other data subjects.
- Taking into account the data security incident and its consequences, implement additional security measures that would prevent such security breaches in the future, and update available documents, procedures and plans.
We hope the information was useful. If you have additional questions or need professional assistance, please do not hesitate to contact us.