Suppose you start your working day as usual, but are suddenly confronted with the following events:
there has been a hacker attack on your company server, allowing unauthorized persons to gain access to personal data or
there was a break-in into a company car – notebooks with personal data were stolen.
These events pose a threat to the protection of personal data.
Definition
Incidents that could lead to accidental or unlawful destruction, loss, change or unauthorized access to personal data are referred to as data breaches.
It is the duty of each data processor to inform the data controller immediately of any data breach.
Important
If a data breach occurs, the data controller must fulfil a reporting and notification obligation. This means:
The data protection authority must be informed within 72 hours of becoming aware of the violation if this is likely to pose a risk to the rights and freedoms of the data subjects.
The additional notification of the data subjects is always necessary if there is likely to be a high risk for the rights and freedoms of the data subjects – e.g. if sensitive data were affected by the data breach.