Compliance after a data security breach has occurred
Once an organisation has responded to and resolved a data security breach issue, it should:
- conduct an internal audit to determine the root cause(s) of the data security breach;
- determine what remediation measures are required to prevent or minimise the possibility of any recurrence of the data security breach; and
- implement the necessary remediation measures and monitor their effectiveness.
Consideration should be given to whether offshore data transfers comply with APP 8 and whether an offshore data transfer agreement is required.