Is Your Data Breach Response Plan Up to Par?

June 8, 2018

By Tara Deering-Hansen


The European Union’s new General Data Protection Regulation (GDPR) is a sign of the times: it shows that governments can step in to protect consumers’ data, and that doing so has far-reaching implications. After the Facebook and Equifax data breaches, consumers are more aware of how their personal information and digital footprints can be mishandled and misused.

The GDPR, which became effective May 25, 2018, sets a high standard of compliance for U.S. companies that operate globally. But there are several GDPR rules that even small Iowa businesses should follow to mitigate reputation damage when there’s a data breach. For example, all companies should adopt the best practice of notifying regulators and consumers within 72 hours of detecting a breach.

If you're a public relations professional, here are a few questions to ask yourself: Do you understand your role in executing these new requirements? Are you educating your company about new rules like this? Are you actively working with the right departments to ensure compliance?

Schedule a data breach drill

If the GDPR doesn’t impact your company, it’s still a perfect time to review your operations and compliance policies and identify ways to be more stringent. We’ve been working with our clients to review their data breach response plans and incorporate updates that align with the GDPR. We then schedule a data breach drill — because practiced strategy is what enables a company to rise above emotion and act swiftly when the worst happens.

Be proactive in your messaging

We also advise clients that their messaging before a crisis is just as important as what’s communicated during a crisis. To build trust with consumers on this topic, companies must establish frequent communication touch points and use those opportunities to educate and promote transparency. If you want to demonstrate that data protection is a corporate priority, proactively talk about your privacy efforts and provide customers with tips to better safeguard their information.

Do you need help navigating the new GDPR requirements, updating your data breach plan or hosting a tabletop drill? Reach out to us here, and we'll be happy to answer your questions.

*Portions of this article were featured in the June 8, 2018, issue of the Des Moines Business Record.