Compliance after a data security breach has occurred

Once an organisation has responded to and resolved a data security breach issue, it should:

• conduct an internal audit to determine the root cause(s) of the data security breach;
• determine what remediation measures are required to prevent or minimise the possibility of any recurrence of the data security breach; and
• implement the necessary remediation measures and monitor their effectiveness.

Consideration should be given to whether offshore data transfers comply with APP 8 and whether an offshore data transfer agreement is required.