Belgian risk management association Belrim will focus on the need for rapid and correct action when faced with a data breach, in its first ‘Stamcafé’ event of the year, to be held on 18 January.
The session will be led by Yves Brants, president of the Belrim scientific committee and risk manager at NRB, a leading Belgian IT group. Brants will share good practice on this topic with fellow Belrim members.
Belgian risk managers and their peers across the EU have had to take data breaches very seriously following the introduction of the General Data Protection Regulation (GDPR) in May 2018.
It is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to €20m or 4% of worldwide turnover for the preceding financial year – whichever is higher.
Huge fines have recently been issued to big brands such as Amazon (€746m), WhatsApp (€225m) and Google (€50m). Some 880 fines have been issued and the rough amount of all GDPR fines issued currently stands at more than €1.29bn.
Significantly, it is estimated that of this total, some €1bn in fines were handed out under GDPR in the third quarter of last year alone.
Belrim has pointed out that firms that handle data need to be prepared for a potential breach and have an action plan in place to deal with it.
As the EU regulations state: “A data breach occurs when the data for which your company/organisation is responsible suffers a security incident resulting in a breach of confidentiality, availability or integrity. If that occurs, and it is likely that the breach poses a risk to an individual’s rights and freedoms, your company/organisation has to notify the supervisory authority without undue delay, and at the latest within 72 hours after having become aware of the breach. If your company/organisation is a data processor, it must notify every data breach to the data controller.
“If the data breach poses a high risk to those individuals affected then they should all also be informed, unless there are effective technical and organisational protection measures that have been put in place, or other measures that ensure that the risk is no longer likely to materialise.
“As an organisation, it is vital to implement appropriate technical and organisational measures to avoid possible data breaches.”
The next Belrim Stamcafé event is planned for 22 February and will be focused on the supply chain implications from the Ever Given container ship that blocked the Suez Canal in the spring of last year.
For further details on these events visit: www.belrim.com