GDPR: Why We’re Thinking About Crisis Management & Business Continuity

Feb 26, 2018


Six years ago, the General Data Protection Regulation (GDPR) was first proposed to the EU. Two years ago, the EU passed the new regulation. And in 3 months, GDPR will take effect. GDPR has a broad scope. We know just as much as anyone else about the new regulation. And we’ll have to wait for May to roll around to see how it will work. But considering how transformative GDPR will be and how quickly those 3 months will go by, everyone needs to start thinking and talking about it.

GDPR at a Glance

GDPR will change the business landscape in the EU

GDPR has two main goals:

  1. To give EU citizens more power over their personal data.
  2. To streamline international business involving personal data.

Given that the law is going to make major changes to any and all sectors in which EU citizens’ personal data plays a role, it’s no wonder that GDPR is an extremely complex piece of legislation, with a lot of parts that each require careful consideration. Businesses foreign to the EU are required to comply with the regulation if they wish to offer their services and products to EU citizens. Most of the regulation directs organizations on how to handle personal data, but what would happen if they ever lost their grip?

Why Crisis Management and Business Continuity are on Our Minds

One article outlines this scenario, and it’s why we’ve got crisis management and business continuity on our minds: Article 33. This section of GDPR pertains to data breaches. More specifically, the article outlines required actions for companies experiencing data breaches to take. In a nutshell, these requirements are:*

  • Inform their respective supervisory authority**
  • Inform any EU residents with negatively affected personal data
  • Offer recommendations for mitigating the effects
  • Direct EU residents to where they can obtain more information
  • Document the whole event (for ensuring regulatory compliance)

All of this has to be done within 72 hours of the breach. 

With time as such an important factor, it’s easy to see why preparation for possible incidents is essential. Planning and preparedness are at the heart of business continuity, crisis management, and risk management. We’ll have to wait for May (at the earliest) to see what guidelines, policies, standards, and certifications GDPR will require here, but there are already clearly established best practices that will most likely become requirements in executing the law’s mandates.

*To read the full version of GDPR and Article 33, see gdpr-info.eu.

**Supervisory authorities will ensure companies maintain compliance with the regulation.

Best Practices: Crisis Management

Planning for crisis management and business continuity

A business’ response to an incident is known as crisis management. If you follow crisis management best practices, you already know what your response to any incident is. It’s all about having all of your ducks in a row before a crisis strikes. Every crisis has parts that need to be played by ear, but anything that can be prepared for should be prepared for. Beam your notifications out. Assign your recovery tasks. Establish safe communication channels. Don’t stop there, however. Keep your plans in arm’s reach and craft plans for every scenario. Know how they’ll function by running drills for each plan. You might not see every flaw on paper, but regular dry runs should make any leaks known (plus, your team will get some very valuable practice). Crisis management is all about your response. Preparation and planning can do a lot of the heavy lifting for your business when a crisis happens. But how do you bounce back after everything’s been said and done?

Best Practices: Business Continuity

Recovery is the purpose of business continuity. Each incident will leave a unique impact on your business and will require special care to remedy entirely. First, you’ll need to run some analytics. Business impact analyses (BIAs), risk assessments, and after action reports can help you recognize priorities, crucial tasks, downtimes, and the overall total impact. Use these to inform the next steps. You’ll have to assign and perform tasks to get your business back on its feet. Apply the results of your analyses. Get your most important business functions back up and running. Crisis management and business continuity are cyclic and inform one another. Don’t let your analyses gather dust. Inject the results into your plans to improve your response to the next crisis. You might even recognize the need for a new plan. Feed the whole cycle continuously to make sure your business is as prepared as possible.

GDPR: Takeaways and Lessons

Even if your business won’t be affected, GDPR and Article 33 are great reminders of how important crisis management and business continuity are. Anticipate what’ll happen and know how you’ll respond. Planning and preparedness are the keys to successfully handling an unexpected crisis.

Technology is changing how organizations prepare for disasters. Read about some of the biggest shifts technology has brought to crisis management and business continuity!

Veoci can help you build the solution your business needs. See what we’ve done for other businesses and how we can help yours!  
