GDPR: Why We’re Thinking About Crisis Management & Business Continuity

Feb 26, 2018

Six years ago, the General Data Protection Regulation (GDPR) was first proposed to the EU. Two years ago, the EU passed the new regulation. And in 3 months, GDPR will take effect. GDPR has a broad scope. We know just as much as anyone else about the new regulation. And we’ll have to wait for May to roll around to see how it will work. But considering how transformative GDPR will be and how quickly those 3 months will go by, everyone needs to start thinking and talking about it.

GDPR at a Glance

GDPR will change the business landscape in the EU

GDPR has two main goals:

  1. To give EU citizens more power over their personal data.
  2. To streamline international business involving personal data.

Given that the law is going to make major changes to any and all sectors in which EU citizens’ personal data plays a role, it’s no wonder that GDPR is an extremely complex piece of legislation, with a lot of parts that each require careful consideration. Businesses foreign to the EU are required to comply with the regulation if they wish to offer their services and products to EU citizens. Most of the regulation directs organizations on how to handle personal data, but what would happen if they ever lost their grip?

Why Crisis Management and Business Continuity are on Our Minds

One article outlines this scenario, and it’s why we’ve got crisis management and business continuity on our minds: Article 33. This section of GDPR pertains to data breaches. More specifically, the article outlines the actions that companies experiencing data breaches are required to take. In a nutshell, these requirements are:*

  • Inform their respective supervisory authority**
  • Inform any EU residents with negatively affected personal data
  • Offer recommendations for mitigating the effects
  • Direct EU residents to where they can obtain more information
  • Document the whole event (for ensuring regulatory compliance)

All of this has to be done within 72 hours of the breach. 

With time as such an important factor, it’s easy to see why preparation for possible incidents is essential. Planning and preparedness are at the heart of business continuity, crisis management, and risk management. We’ll have to wait for May (at the earliest) to see what guidelines, policies, standards, and certifications GDPR will require here, but there are already clearly established best practices that will most likely become requirements in executing the law’s mandates.

*To read the full version of GDPR and Article 33, see

**Supervisory authorities will ensure companies maintain compliance with the regulation.

Best Practices: Crisis Management

Planning for crisis management and business continuity

A business’ response to an incident is known as crisis management. If you follow crisis management best practices, you already know what your response to any incident is. It’s all about having all of your ducks in a row before a crisis strikes. Every crisis has parts that need to be played by ear, but anything that can be prepared for should be prepared for. Beam your notifications out. Assign your recovery tasks. Establish safe communication channels.

Don’t stop there, however. Keep your plans in arm’s reach and craft plans for every scenario. Know how they’ll function by running drills for each plan. You might not see every flaw on paper, but regular dry runs should make any leaks known (plus, your team will get some very valuable practice).

Crisis management is all about your response. Preparation and planning can do a lot of the heavy lifting for your business when a crisis happens. But how do you bounce back after everything’s been said and done?

Best Practices: Business Continuity

Recovery is the purpose of business continuity. Each incident will leave a unique impact on your business and will require special care to remedy entirely. First, you’ll need to run some analytics. Business impact analyses (BIAs), risk assessments, and after action reports can help you recognize priorities, crucial tasks, downtimes, and the overall total impact. Use these to inform the next steps.

You’ll have to assign and perform tasks to get your business back on its feet. Apply the results of your analyses. Get your most important business functions back up and running.

Crisis management and business continuity are cyclic and inform one another. Don’t let your analyses gather dust. Inject the results into your plans to improve your response to the next crisis. You might even recognize the need for a new plan. Feed the whole cycle continuously to make sure your business is as prepared as possible.

GDPR: Takeaways and Lessons

Even if your business won’t be affected, GDPR and Article 33 are great reminders of how important crisis management and business continuity are. Anticipate what’ll happen and know how you’ll respond. Planning and preparedness are the keys to successfully handling an unexpected crisis.

Technology is changing how organizations prepare for disasters. Read about some of the biggest shifts technology has brought to crisis management and business continuity!

Veoci can help you build the solution your business needs. See what we’ve done for other businesses and how we can help yours!  
