Forensic Breach Response in Compliance with GDPR

Sammanfattning: Modifications and new approaches for breach response and forensic investigations for compliance with the General Data Protection Regulation, GDPR, is to be expected in May 2018. This paper brings forth the conclusion that engagement from top management is crucial in order to comply with the GDPR requirements. The importance of having a vision and a strategy assessing the matters of breach response, so that resources can enable procedures for an investigation, is articulated. To enable appropriate countermeasures, a clear understanding of the regulation is essential and presented in terms of severity of risk to the rights and freedoms of an individual. Including required actions to take upon a breach and the time-frame of each obligation. Furthermore, the report discusses an approach to approximate the number of individuals being affected by a breach, through looking at the intrusion point. This is an essential step since every incident report that needs to be communicated to Datainspektionen needs to assess the approximate number of individuals affected. Assessing the effects of an incident through the intrusion point-approach, is an initial step before the forensic analyst may define the exact number of affected individuals.