The Data Breach Assistant helps companies assess, document and report suspected data breaches in line with major data breach notification and privacy laws across the globe, including the GDPR and the NIS Directive in the EU, as well as the SHIELD Act, CCPA and CPRA in the US. The tool saves valuable hours for companies by simplifying their complex obligations.
The Data Breach Reporting Assistant helps to navigate and document data breaches in a fast, transparent and compliant way.
By replacing manual or Excel-based processes, the Data Breach Reporting Assistant enables you to assess suspected breaches against the respective regulatory framework, triage information and automate necessary documentation – all based on highly customizable risk-scoring models.
Additionally, all incidents are documented in an audit trail. If desired, a report and dashboard can also be generated to monitor and visualize key factors, such as the type of breach and the number of incidents.
Data breach regulatory landscape in the EU and US
Under the EU General Data Protection Regulation (GDPR), companies are obliged to report personal data breaches to the competent supervisory authority within 72 hours and, under certain circumstances, also to the affected person.
Similar requirements apply across the US. According to the State of California Department of Justice Attorney General, a business needs to notify any California resident whose personal information was acquired by an unauthorized person. If there are more than 500 instances of such a security breach notification, the business must also notify the Attorney General of the breach and provide a written sample copy of the breach. Likewise, in the State of New York, the SHIELD Act dictates that “businesses must inform the affected consumers following discovery of the breach in the security of its computer data system affecting private information.”
Businesses therefore need to act promptly when a breach, or a suspected breach, takes place. When this urgency is coupled with the lack of a centralized, automated system to track and notify of breaches, businesses are exposed to regulatory, financial, and reputational risks.
Data breach notification compliance challenges
The breadth of the term ‘personal data’, however, makes it difficult to identify a data breach efficiently in the first place. As a result, companies pay hefty fines for non-compliance. According to EY reports, GDPR non-compliance costs Fortune 500 companies $8 billion each year. And since the law entered into force, over 500 actions have been taken for non-compliance.
More challenges are seeping in, as numerous jurisdictions and states in the EU and across the US enact their own “GDPRs” that companies also need to abide by when managing data protection.
But while data protection is high on the list of priorities for global corporates, the 2021 EY Law Survey found that 65% of General Counsel lack the data and technology they need to effectively respond to a data breach. Manual efforts to identify and report data breaches are inefficient and cannot scale, leaving companies exposed to elevated risk.
Data Privacy Protection Compliance
As the data privacy regulatory landscape becomes more granular, companies face higher risks and strained data protection officers, who need to consider local and industry-specific requirements. In addition, data privacy efforts underlie the work of numerous teams across the company, not just legal.
To deal efficiently with data breaches and data protection, companies need to restructure their data processing methods, localize their infrastructure (which leads to higher costs), enable in-country regulatory responses and, finally, ensure firm-wide compliance, both pre-empting data breaches and reporting them in due course.
Companies therefore need to have systems in place in order to effectively handle potential personal data breaches. Such systems specifically need to be able to handle the following tasks:
- detection of incidents within the company’s business units, which could constitute personal data breaches
- assessment of the incident’s relevance and, if applicable, the necessary measures required under data protection laws
- reporting of the incident and its assessment to the responsible department within the company with our business reporting software
With BRYTER, you can build a tool which uses predefined criteria to determine whether a personal data breach has occurred, and which steps must be taken in accordance with the GDPR guidelines. Through a customizable, interactive questionnaire, the internal business user is able to input, collect and process all relevant data. The modular logic of the Data Breach Reporting Assistant allows this questionnaire to be adapted to the user’s context in order to cover a large number of cases.
This way, the customer can build a risk-scoring mechanism that is able to take into account complex rules and warn of data breaches in a fast and reliable manner. The data breach assistant can automatically provide suggested steps to help triage the consequences of data breaches, allowing the company to act fast and document all the steps in a centralized audit trail, considering industry-specific rules and best practices. This helps ensure full coverage of potential data breaches, warning responsible departments in real time and enabling them to act fast.
Automated & standardized
The Data Breach Reporting Assistant allows you to assess data breaches and to determine risk profiles, necessary next steps and a checklist automatically. This ensures a consistent approach and documentation.
If a data breach occurs, time is key. The Data Breach Reporting Assistant allows you to quickly and efficiently deal with all the necessary steps involved in handling a data breach and thereby easily log incidents whilst reducing the number of falsely escalated incidents.
Centralized audit trail
Within the Data Breach Reporting Assistant, all relevant steps, actions and assessments are tracked and documented in a centralized audit trail. This allows you to prove and document compliant behavior.
The Data Breach Reporting Assistant can easily be integrated into a company’s existing IT infrastructure.
Every application built on BRYTER is customizable. The Data Breach Reporting Assistant may reflect your company’s unique policies, processes and risk treatments. The unique BRYTER Platform gives unparalleled opportunities for customization.
How it works
Identify data breach
Through a customizable, user-friendly and interactive questionnaire, all relevant data is collected and processed. It enables users to assess suspected breaches against the respective regulatory tests and to generate automated triaging and documentation.
A risk profile is generated from the initial assessment, flagging certain risks and providing recommendations for mitigation. The risk assessment can be intertwined with other processes (email, approvals, etc.) and document generation to streamline incident responses.
A dashboard allows you to track and drive mitigation efforts and to document all incidents. This helps to hold risk owners accountable to deadlines and also offers metrics on overall risk reduction.