This website uses cookies. View our cookie policy
Select regional store:


What’s more, when reporting the breach you’ll need to explain how it could have been avoided – a sticky situation you won’t relish.

You can’t prevent a cyber attack from the beach, so get ready before you go. Our pick-and-mix security protection packages will provide a safety net and give you peace of mind. Act now to save money before you get burned.

Get #BreachReady today.

Many regulations such as the NYDFS Cybersecurity Requirements, DFARS (Defense Federal Acquisition Regulation Supplement), and EU GDPR (General Data Protection Regulation) require you to report information about a breach to a supervisory authority within 72 hours of its discovery.

For example, the GDPR requires you to report certain types of personal data breach to your competent supervisory authority. Who is your competent supervisory authority? You will know if you’ve signed up to our GDPR EU – Representative service. If you’ve registered in the UK, it will be the ICO (Information Commissioner’s Office). You or your representative can report a breach by calling the ICO’s helpline or completing an online form.

Finding out what the breach is, who has been affected, how extensive it is, and how it happened within 72 hours is not easy – especially when you want to use this time to start repairing damage caused by the breach.

Find out more about cybersecurity regulations in the US by state and by business area.

Reporting a breach to your GDPR supervisory authority:

Your reputation is on the line. How can IT Governance help?

The simple fact that no two organizations are ever the same means there can be no one-size-fits-all approach to the GDPR. To help you develop a successful and secure organization, IT Governance has developed three SPF (Security Protection Factor) offers to align with your business requirements and budget.


Situational analysis

What happened and how did it happen?

The cybersecurity incident response consultancy service can help you prepare for, respond to and recover from a wide range of cyber incidents and is based on best-practice frameworks developed by CREST, ISO 27001, and ISO/IEC 27035 (the international standard for cyber incident response).


Assessing data that is affected

How many personal data records have been affected? How many data subjects could be affected?

The data flow audit service provides a thorough audit of the personal data in your organization, and a data flow map that will help you identify where your data resides. This will help you to implement targeted measures to reduce the risk of an information security breach.


The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organization processes and why, where it is held, and how it is transferred.


Describing the impact

Explain the possible impact on data subjects. Was there any harm as a result of the breach?

Determining the likelihood and impact of a data breach is best done through a comprehensive information security risk assessment, enabling you to take appropriate action. Suitable for organizations of all sizes, vsRisk™ is a leading information security risk assessment tool that delivers fast, accurate, auditable, and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments.


Reporting on staff training and awareness

Did the staff member involved in the breach receive data protection training in the last two years?

This simple-to-use, interactive GDPR Staff Awareness E-learning Course for employees introduces the GDPR and the key compliance obligations for organizations. It aims to provide a complete foundation on the principles, roles, responsibilities, and processes under the Regulation.


The interactive Information Security Staff Awareness E-learning course teaches employees about the most important elements of information security, and aims to reduce the likelihood of human error by familiarising non-technical staff with security awareness policies and procedures.


This unique GDPR training program provides a comprehensive introduction to the requirements of the Regulation, and a practical guide to planning, implementing, and maintaining a GDPR compliance program.


ISO 27001 certified ISMS training

Learn how to achieve and demonstrate compliance with the latest information security regulations and laws such as the New York DFS Cybersecurity Requirements (23 NYCRR 500), HIPAA, FedRAMP, and the Sarbanes–Oxley Act with this combination of courses.


Preventive measures and taking action to address the problem

Describe any measures you had in place to prevent a breach. Explain the actions you have taken, or propose to take, as a result of the breach. Where appropriate, include actions you have taken to fix the problem and to mitigate any adverse effects.

ISO 27001 is the world’s leading information security standard, trusted by thousands of organizations. These ISO 27001 implementation bundles consist of a specially formulated combination of best-selling tools, hands-on guidance, and trusted resources that will help you implement an ISO 27001-compliant ISMS (information security management system) from start to finish.


Our penetration testing packages provide a complete security testing solution for your websites and IT systems. The fixed-cost packages are ideal for small and medium-sized organizations, or those with no prior experience of security testing.


About you: oversight

Your supervisory authority will require you to identify the DPO (data protection officer) or senior person responsible for data protection in your organization.

DPO as a service is a practical and cost-effective solution for organizations that don’t have the data protection expertise and knowledge to fulfill their DPO obligations under the GDPR.


GDPR EU – Representative is a service for organizations that do not have a suitable office or subsidiary with a physical presence in the EU. We can act as your point of contact for supervisory authorities and data subjects.

Why choose IT Governance?

  • We have an in-depth understanding of regulations such as the GDPR and how they can best be met
  • We provide a complete compliance support service to help organizations prepare for and adapt to the GDPR
  • Our specialist team has extensive international data protection and information security management project expertise

Terms and conditions:

Our offer is available only through, or by contacting our customer service team at or on +1 877 317 3454, until September 30, 2018. The following terms apply:

  1. This offer cannot be used in conjunction with any other offer.
  2. The discounts in our offer are applicable as follows:
    1. 10% discount applicable to purchases between $5,000 and up to $14,999 (excluding tax and shipping)
    2. 15% discount applicable to purchases between $15,000 and up to $29,999 (excluding tax and shipping)
    3. 20% discount applicable to purchases of $30,000 and above (excluding tax and shipping)
  3. The offer is available only on the products listed on this page:
  4. IT Governance operates on a first come, first served basis for training course and consultancy offerings
  5. IT Governance reserves the right to remove products and services from the offer, subject to the availability of trainers and consultants. Any refunds through Service Centre will take into account the above discounts
  6. We reserve the right to terminate this offer earlier than the date stated in this advertisement