Incident Management is an important field that I am really fond of, and have decided to focus my energy on when it relates to my job working with privacy and GDPR. Incident management is a large part of the daily work when meeting the demands for compliance, where accuracy and time is of the essence.

During these studies I have unfortunately not been able to interact as much as I would have liked, due to two cases of illness in the short 3-4 weeks this course has been held. However, I have interacted quite a bit with peers and authorities on the matter, learning more details about how to improve incident management in relation to the new privacy laws.

First of all I have had extensive contact with Datatilsynet, the national authority in privacy and data management in Norway. We discussed possible ways to handle incident management effectively under the new law, and what is expected of me as an incident management handler. GDPR states that all incidents affecting data relating to any data subject, MUST be reported within 72 hours to the authorities – containing a list of information relating to the incident. Being able to meet the standards for information quality, the standards I have learned to use in this course have helped me to understand better how a good quality incident report should be created.

Secondly I have discussed some matters with others in the class, mostly related to technical sides of incident management. These discussions have mostly been via Skype, since I have been sick for almost half the course period. But our discussions have been og great use and I feel I have a better understand of incident management due to these discussions.