Here be dragons - first steps for a corporate navigating the unsure waters of a data breach

Corporate entities are increasingly making headlines in relation to data breaches. Alongside the potentially harmful reputational impact of a data breach, corporates also face increasingly severe sanctions under the incoming General Data Protection Regulation (‘GDPR’). Corporates therefore need to be aware of the steps they can take to minimise the risk of a data breach as well as what to do in the event of such a breach. This article considers steps such as the initial investigation into the breach, potential injunctions to apply for, communications with customers, coordinating with regulators and authorities as well the types of preventative measures that a corporate should consider putting into place. This article first appeared in the November 2017 edition of Butterworths Journal of International Banking and Financial Law.