We have experienced a high demand for help with privacy incident management processes and simulation training over the last six months, prompted by the anticipated introduction of mandatory reporting of serious data breaches from February 2018.  We now offer a data breach response readiness package which can be tailored to different requirements.


Privacy complaints and incidents are unfortunately a part of everyday life for most large organisations.  Until now, most organisations across  public and private sectors have had the freedom to keep serious privacy breaches from public exposure, with no obligation to tell affected individuals or the regulator.  This will all change in February 2018.

Our role 

In this case, elevenM was asked to review our client’s existing approach to privacy breach management and its internal protocols for dealing with complaints and incidents.  We used our findings to deliver an incident preparedness program including a data breach response plan (with supporting artefacts such as a RACI, communications plan, contact list, decision tree for notification and reporting templates).  We ran a series of training events and two simulations to prepare stakeholders for the roles that they would play in managing breaches, including where the threshold for mandatory reporting was reached.  We have been engaged to run a further series of simulations with internal stakeholders over the course of 2018.

The specifics 

elevenM developed a program which:

  • clarified the roles that different stakeholders would play in identifying, responding to and managing an incident
  • helped our client to develop a data breach response plan with a RACI, communications plan, contact list, decision tree for notification and reporting templates which mapped to existing organisational frameworks and policies
  • delivered training and awareness for staff at all levels
  • identified opportunities for continuous improvement within existing governance structures
  • tested these processes via simulation activities
  • helped our client’s team to raise its profile and highlight the role it would play in managing breaches amongst other staff