In two years, the General Data Protection Regulation (GDPR) will be implemented in all European member states. This includes mandatory data breach notifications. The Netherlands leads the way with this legislation: data breach notifications have been mandatory in the country since January 2016.
In his blog published on Info Security Magazine, Kevin Jonkers, Manager Forensics and Incident Response at Fox-IT, offers guidelines for organizations to get ready for the GDPR. He stresses the importance of maintaining relevant trace information, which allows for a better determination of exactly what data was leaked. Network detection, the ‘digital black box’, also offers a way to find out which data were breached and where exactly the breach took place. In addition, every company should appoint a ‘digital emergency response officer’: someone who knows exactly how to act in case of an incident and immediately takes the appropriate actions.
Read Kevin’s full blog and guidelines (in Dutch) on Info Security Magazine