GDPR: Data Breach Notification 101
Brian Honan of BH Consulting on When to Notify - or Not
Since the EU's new privacy law came into effect on May 25, 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.
To help, he recommends that all organizations that must comply with the General Data Protection Regulation start by familiarizing themselves with guidelines released by ENISA - the EU Agency for Network and Information Security - on measuring the severity and impact of a breach.
In a video interview with Information Security Media Group at RSA Conference 2019 in San Francisco, Honan discusses:
- Data breach decision: Determining if a breach warrants notification;
- Why every organization that must comply with GDPR should make use of ENISA's breach impact methodology;
- What regulators do - and do not - want to see from breached organizations, and the risk organizations face if they get it wrong.
Honan heads BH Consulting in Dublin. He founded Ireland's first computer emergency response team and is also a cybersecurity adviser to Europol, which is the EU's law enforcement intelligence agency.