Data Breach Management
GDPR Data Breach Management Policy – 19th February 2019 Hannington Parish Council
To mitigate against data breaches
All members of the Hannington Parish Council will minimise data breaches by controlling access to their computers:
- Access to the computer device must be authenticated by the use of individual identification and passwords;
- Equipment that is connected to the internet must be protected by a suitable firewall which is maintained;
- Anti-Virus Software must be installed and automatically updated;
- A robust Data Back-up and storage regime must be adopted where required.
- All Personal Data must be stored and disposed of in a secure manner.
Who does what, when personal data is breached?
1. A member of the public reports a data breach, or suspects that one has occurred, and informs a member of the Hannington Parish Council; or a Councillor identifies a data breach.
2. The Clerk to the parish council is informed immediately. In our case the Clerk is the Data Protection Officer and Data Controller.
3. The Clerk informs the BHIB Insurance Brokers, Emergency Response Claims Service to:
   - Engage specialist consultants or consulting engineers to assess whether a Data Security Breach has occurred, its scope and impact, and to mitigate an ongoing loss;
   - Engage external legal advice to manage our response to a Data Security Breach;
   - Notify any Data Subject(s) of the Data Security Breach;
   - Notify any regulatory body of the Data Security Breach where required to do so by law or regulation. In this case, that is the Information Commissioner’s Office (ICO), where the risk to the rights and freedoms of data subjects is high. This must be done within 72 hours.
4. The Clerk to liaise with the Emergency Response Claims Service and update the Councillors on a weekly basis (or sooner if warranted) as to progress and status of the situation.
5. The Councillors to make timely decisions on the recommendation of the parish Clerk.
Review and monitor
Once the personal data breach has been contained by the Emergency Response Claims Service team, the parish council will conduct a review of existing measures in place, and identify ways in which these measures can be strengthened to prevent a similar breach from reoccurring.
The review will also examine the log of actions taken to identify whether processes can be improved.
All identified measures will then be monitored by the parish council to ensure that the measures are implemented satisfactorily.
Data Breach Register
In conjunction with the Clerk, the parish council will update the Data Breach Register and sign off that all provisions for the Data Subjects have been properly provided for, namely:
- A telephone help line to assist Data Subjects after they have been notified of the Data Security Breach;
- A credit protection service to the affected Data Subjects;
- Identity fraud remediation services for Data Subjects.
The Parish Clerk, Hannington Parish Council, is responsible for ensuring adherence to the General Data Protection Regulations.
The Parish Clerk contact details are on the website at www.hanninton-hants-pc.gov.uk