Data Breach

Context:

The GDPR acknowledges that data breaches can and do occur. It seeks to have processes and controls put in place to minimise the possibility of a breach and, when a breach does occur, to minimise the impact and ensure that those affected are kept informed.

Considerations:

As with other aspects of the GDPR, any communications with the data subject must be in clear and plain language.

Processes must be in place to share information about data breaches both with the individual and with the supervisory authority. These processes have specific timescales assigned to them.

Documentation sent to the individual or the supervisory authority must contain specific information.

How to:

Put in place appropriate technical and organisational measures to minimise the risk of a data breach taking place.

In the event of discovering the breach, without undue delay:

  • Describe the data breach, the number of data records affected, the number of individuals affected and the types of data affected
  • Provide a contact where more information can be obtained; this could be your Data Protection Officer
  • Describe the likely consequences of the breach
  • Describe the measures and plans to address the breach and the effects of the breach

The data controller should also notify the supervisory authority about the breach within 72 hours, providing the detail described above.

In all cases the information should be provided only if it does not present further risk to the individual.

If for any reason the information cannot be provided to the supervisory authority within 72 hours, the reasons for this delay must be explained.

References:

  • GDPR Recitals: 85, 86, 87, 88
  • GDPR Articles: 33, 34

How Gydeline helps

We, at Gydeline, help small and medium-sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims. We do this with a range of services.

If you would like to discuss any aspects of dealing with this and other risks in your business, we are always happy to offer some free, no-obligation assistance – just contact us.
