Compliance after a data security breach has occurred

Once an organisation has responded to and resolved a data security breach issue, it should:

  • conduct an internal audit to determine the root cause(s) of the data security breach;
  • determine what remediation measures are required to prevent or minimise the possibility of any recurrence of the data security breach; and
  • implement the necessary remediation measures and monitor their effectiveness.

Consideration should be given to whether offshore data transfers comply with APP 8 and whether an offshore data transfer agreement is required.