Crisis Preparedness is not only a source of competitive advantage, but it is also best management practice and mandatory under GDPR as well

  • Crisis prepared organisations see massive disruption events as an opportunity to capture the market while rivals flounder
  • Crisis prepared organisations assess and test processes to minimise the risk of cyber incidents and ensure GDPR compliance so as to minimise fines

Have a plan and regularly test, assess and evaluate it

Having a cyber incident response plan is a significant step toward preparing for GDPR. Article 29 Data Protection Working Party, set up specifically to clarify parts of the GDPR, agreed that breach prevention and response is key to any security policy. Specifically, Article 32 of the law states that technical and organizational measures need to provide:

“(b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

(c) the ability to restore the availability and access to personal data on time in the event of a physical or technical incident;

(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.”

We are all under pressure to meet our obligations under the GDPR (and DPA) and want to avoid the wrath of the regulator, that could include not only significant potential fines, but also the loss of the right to process data. An essential part of this obligation – one that is often overlooked – is the need for “regularly testing, assessing and evaluating”. Key to this is having a cyber incident response plan in place to define how you’d respond to a cyber incident, as well as the ability to test this plan to ensure that it is effective.

We recommend annual scenario planning workshops to review the threat landscape and revise both your crisis management plan and your cyber incident response plan accordingly. We also recommend annual or bi-annual immersive simulation exercises to put your team to the test and ensure that they are crisis ready. It is the only effective way to test your crisis preparedness and so to meet your obligations under the GDPR.

Preparation is all about planning


Scenario planning workshops: review the threat landscape and revise both your crisis management plan and your cyber incident response plan accordingly.

Preparation is all about testing

crisis simulation

Immersive simulation exercises: put your team to the test and ensure that they are crisis ready.

Learner drivers can use a test track to learn the basics of how to drive a car and understand what the controls do, but it is not until they practice on real roads and start to develop road sense that their driving really starts to improve, and even then it takes years of experience driving on real roads and in real conditions to become a really good driver.

This is not only why insurance for young drivers is so high, but it is also why crisis exercises with PowerPoint won’t prepare you for real-world conditions. You need to conduct regular crisis management drills using fully immersive scenario simulations in order to properly prepare your team and ensure that they are really crisis prepared.

A recent study by AON insurance found that 40% of companies aren’t confident that their crisis teams could handle a crisis. Simulations allow the team to rehearse in a realistic safe environment and you get to see them in action. More practice means teams are better prepared in case of crisis.

Simulations meet all adult learning principles because they are goal-oriented, participants can leverage their past experience and the scenario is relevant to their job.

Adding technology allows individua and team performance to be better calibrated and measured between successive exercises.

There is no need fir the team to be in the same physical space nr in the same locatin as the control team or role players. This saves time, mney and reduces disruption in normal times. It also makes simulations the only option during lockdowns.

Bringing your crisis management training to life.

Watch our demonstration video
We can tailor our immersive simulation training exercises to your needs and your specific threat landscape.