GDPR: Data Breach Notification 101


Brian Honan of BH Consulting on When to Notify - or Not

(euroinfosec) • March 22, 2019

Brian Honan, president and CEO, BH Consulting

Since the EU's new privacy law came into effect on May 25, 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.


To help, he recommends that all organizations that must comply with the General Data Protection Regulation start by familiarizing themselves with guidelines released by ENISA - the EU Agency for Network and Information Security - on measuring the severity and impact of a breach.

In a video interview with Information Security Media Group at RSA Conference 2019 in San Francisco, Honan discusses:

- Data breach decision: Determining if a breach warrants notification;
- Why every organization that must comply with GDPR should make use of ENISA's breach impact methodology;
- What regulators do - and do not - want to see from breached organizations, and the risk organizations face if they get it wrong.

Honan heads BH Consulting in Dublin. He founded Ireland's first computer emergency response team and is also a cybersecurity adviser to Europol, which is the EU's law enforcement intelligence agency.