Breach Response Planner (BRP)

European data protection regulators recommend that organisations which handle personal data should have a breach response plan in place. Failure to have a plan in place, could mean that the organisation is ill-prepared to respond to data security breaches and comply with legal reporting requirements. A breach response plan will therefore help avoid financial sanctions, data subject claims and reputational damage.

Aimed at risk managers, legal counsel, data protection and security professionals, the DAC Beachcroft Breach Response Planner (BRP) provides a step-by-step guide to building a practical plan for managing data breaches and other cyber incidents. The planner includes helpful tips and default content that can be easily customised. Your plan is easily and securely accessed at any time, from anywhere, on any device. It connects all your key stakeholders keeping them informed and engages with best-practice breach response.

Introducing DAC Beachcroft's Breach Response Planner

Key Features

The DAC Beachcroft Breach Response Planner will help your organisation:

• Draft a bespoke breach response plan;
• Ensure compliance with regulatory guidance;
• Centrally manage your internal and external response teams;
• Maintain an external repository of key stakeholder contact details;
• Identify escalation methods and reporting lines; and
• Set review and testing controls.

5 Step Approach

The BRP consists of five steps which will ensure that your plan is tailored to your organisation.

Step 1: Identify the Internal Breach Team

Here you can detail the key individuals who form the internal breach response team, their contact details and, in the case of the most important roles, their responsibilities. Examples of the type of people/teams you would typically see in this category are the Internal Breach Manager, Deputy Breach Manager, Executive Management, Head of HR, Head of PR/Media, Head of IT and the Legal and Risk teams. The portal allows you to enter as many categories and people as you see fit.

Depending on the severity of the breach, the plan provides for an escalating scale from Bronze, Silver to Gold, building the internal breach response team with greater resource and seniority in the organisation.

Step 2: External Breach Response Teams

Here you detail the key people who form the external breach response teams, their contact details and, in the case of the most important roles, their responsibilities. The type of experts you would see in this grouping would be for example; IT Forensic Investigators, Affected Individual Notification & Call Centre, Insurer or Broker, Credit/ID Monitoring, the firm’s Breach Coach, PR and, finally, your external Legal Advisor.

Step 3: Establish Protocols

These are your “rules of the road” that will apply when responding to a breach.

Step 4: Define The Firm’s Procedures

The plan itself. This consists of four stages:

• Detection of breach;
• Triage and containment;
• Assessment; and
• Notification and evaluation.

Step 5 : Define Upkeep Frequency

Step 5 sets out the frequency for the plan to be tested and reviewed.

Download our brochure to learn more

Download the UK brochure

Download the Irish brochure

Contact us

For more information or to schedule a demonstration of the DAC Beachcroft Breach Response Planner, please contact BreachPlanner@dacbeachcroft.com, or call +44 (0)20 7894 6088 (UK) or + 353 1 231 9600 (Ireland).