Speed of the essence if GDPR breach hits, but no need to reinvent the wheel

Companies must act fast if a breach occurs under the General Data Protection Regulation (GDPR), but should be able to follow crisis response and business continuity plans already in place to deal with other problems, said Nordic risk managers taking part in our European Risk Frontiers survey. Despite this simple message, some stressed that businesses have struggled to fully comply with the new regulation and not everyone is prepared to respond to its demands. “Every company should include breaches, not only GDPR, into their continuity planning. If possible, also do live scenario training to practice the continuity plan in a real situation, to make sure all functions know their responsibilities. If you have cyber insurance that covers breaches, make sure to involve insurers’ first response team in the plan,” advised Alexander Hansén, group insurance manager at multinational retail firm H & M Hennes & Mauritz AB. Tapio Huovinen, director of risk management at renewable wood biomass company UPM, asked how any response required by the GDPR is much different to other crisis scenarios. He did, however, make clear that companies need to be on the front foot. “The GDPR deals with personal data so is a bit more sensitive, and the media interest at this time is large. As a result, GDPR breaches probably require a speedier response. But other than that, you should use the same sort of processes in place for other security incidents or problems that occur. Our management and media teams understand how to respond to these kinds of issues quickly, which is important. The key is to make sure you are responding as quickly as you can,” said Mr Huovinen. For her part, Melinda Johansen, general manager of group risk management at Denmark-based engineering group FLSmidth & Co, said companies must understand where they are vulnerable and then structure their response. “The most important thing is to make sure that people involved in the mitigation and response plan are prepared. They need to know what to do, how to act, what to say and who to call if there is a breach,” she said. The risk manager thinks there is still a lot about the GDPR that companies do not fully understand, which might cause nasty surprises down the line. “It is a very complicated set of rules with some parts more straightforward than others. So, I don’t think everybody is prepared for it. I think we have done the best that we could to prepare based on our current understanding, but I think more will be learnt as things play out,” she said. Anders Esbjörnsson, director of group insurance at construction firm NCC Group, agreed that some businesses are unlikely to be fully aligned with the GDPR just yet. “I think many companies know the gaps and have tightened those for the most obvious parts. A lot of companies do have sensitive information about private persons, and fixing that from when the GDPR came into force on 25 May needs to be the number-one priority, and then handling the archives is priority number two,” he said. “You definitely need to be transparent at all stages when it comes to the GDPR and show that you have the process under control,” Mr Esbjörnsson added.

Speed of the essence if GDPR breach hits, but no need to reinvent the wheel

Want to read this article?

Read Next

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Want to read this article?

Read Next

Marsh tracks slowdown in global Q1 rate hikes

Markel names head of terrorism in London

Insurers defend Nord Stream’s €400m lawsuit as act of war

Allstate posts nat cat loss of $343m for March

UAE flash flood losses manageable as insurers adapt to changing weather

Related Articles