
Ovum view

Summary

Article 33 of the EU's General Data Protection Regulation (GDPR) stipulates that details of a breach of regulated data must be reported to the regulator within 72 hours of becoming aware of the breach. Ovum's recent report, Ovum Market Radar: GDPR Data Breach Management and Reporting, finds that relatively few vendors currently offer enterprise-strength solutions to help meet this challenging obligation, but that demand is likely to reward these early-to-market players.

Data breach management and reporting must be established as an organizational capability

The requirement to inform regulators and possibly affected EU citizens formally, in addition to greatly increased potential noncompliance penalties, escalates the importance of handling breach reporting. Those penalties could be as high as 4% of global turnover or €20m ($22.8m), whichever is greater, but enterprises also have to consider impacts such as the erosion of citizens' trust in organizations when breaches become known, and the effect on corporate reputation and brand value (both of which are keenly felt at executive level).

Breaches have become all too common, with the UK Government's 2017 Cyber Security Breaches Survey indicating that 46% of businesses were aware of a breach or attack having occurred in the last year. There could be many and varied reasons for data breaches, including complex cybersecurity threats, or simple human errors such as the loss of a portable device. Unfortunately, the potential for breaches to arise continues to grow with the increased diversity of user behavior and systems environments (for example, cloud-based services and Internet of Things devices).

Ovum research indicates that GDPR is increasing risk awareness and driving security-related investments as a common high priority. While security protection is certainly worthy of close attention, we advise that organizations of all types should consider investing in a breach management and reporting capability to link together the many stakeholders that should contribute. Departments and personnel that may be involved include legal and compliance, HR, marketing and communication, and IT. It is particularly important that any third-party partners involved in the required action relating to the data breach are also aware of their responsibilities. A breach management and reporting solution enables the establishment of processes and approvals, collaboration, data management and integration, and standardized reporting that will be required to help organizations to meet these high-stakes GDPR obligations successfully.

Appendix

Further reading

Ovum Market Radar: GDPR Data Breach Management and Reporting, INT003-000284 (November 2018)

"The importance and breadth of GDPR obligations on data breach reporting should not be underestimated," INT003-000152 (March 2018)

Author

Alan Rodger, Senior Analyst, Infrastructure Solutions

alan.rodger@ovum.com
