To help its clients comply with the GDPR provisions applicable to data breaches, Baker McKenzie is launching the “Data Breach 72” mobile application. It is a multilingual app, with its first version in French and English.
The development of this application follows on from one of the projects presented in February in the framework of the hackathon organised by Baker McKenzie, the first event of its kind run by an international business law firm which won the Prix Opéra 2018 award in the “Customer Relations” category.
The hackathon, the outcome of its collaboration with Ecole 42 and Schoolab, is part of the firm’s innovation programme which aims to rethink the way in which lawyers deal with the digital challenges facing their clients.
In a few clicks, “Data Breach 72”: (i) makes it possible to identify the existence of a data breach, within the scope of application of the GDPR or not, (ii) helps to establish whether or not it is necessary to notify the competent supervisory body (CNIL in France) within 72 hours and, in this case, (iii) prepares an initial draft of content that can be used as a basis for this notification, and which can be shared.
Developed in partnership with the Digi-tales agency, this mobile application uses a simple questionnaire to establish the type of data that has been leaked, the nature of the incident (hacking, hardware incident, etc.) and the category of persons concerned by the breach (employees, clients, etc.).
Once the incident has been analysed, “Data Breach 72” uses pre-established menus to ask the user to indicate whether, to the best of its knowledge, measures have been taken to limit the consequences of the data breach for the persons concerned. In doing this, it establishes an initial assessment of the data breach. Data Breach 72 also provides a preliminary report summarising all the points specified by the GDPR which are required as part of the official CNIL notification.
“Data Breach 72” makes it possible to monitor, in real time, how long the company has left between having discovered the incident and having to notify CNIL officially (within a maximum of 72 hours).
“The GDPR obliges businesses to report data breaches, which could not be fixed and which present a risk for the persons concerned, to the competent control body (in France, the CNIL) within 72 hours. This is a very short period of time during which a certain number of people from different departments must understand what happened and coordinate to take appropriate action”, explained Yann Padova, a partner at Baker McKenzie in Paris and an expert in personal data protection.
“With our App, we offer companies a way to help evaluate, as rapidly as possible, whether or not there is an obligation to report security breaches or other personal data breaches by answering a few very simple questions”, pointed out Laurent Szuskin, partner and joint head of the IT/C practice at Baker McKenzie in Paris.
“Data Breach 72” can also be useful on a preventative and educational level, by simulating various data breach scenarios and their consequences in terms of whether or not notification is required. This way it helps us to be aware in advance of the potential risks of such events and to set the appropriate measures in place.
Lastly, “Data Breach 72” gives a company faced with a data breach the possibility of getting in contact with a specialist lawyer at Baker McKenzie (Paris office), who can assist step by step with the evaluation of the risk and, if necessary, with the CNIL notification procedure.
“With the ‘Data Breach 72’ application, we confirm the firm’s capacity to innovate. Regulatory compliance, in particular in relation to personal data protection, is a key challenge for our clients. Succeeding in assisting them in an innovative way helps to build up their trust in us on these matters”, concluded Eric Lasry, Managing Partner at Baker McKenzie in Paris.
The “Data Breach 72” application is available free of charge on iOS and Android.