The General Data Protection Regulation (GDPR) is a broad set of data protection rules that define how an organization must handle and protect the personal data of individuals in the European Union (EU). The regulation also sets out how organizations must report a personal data breach.
Articles 33 and 34 set out the requirements for breach notification; however, many companies are still unaware of their responsibilities. Article 33 requires the controller to notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Article 34 requires the controller to inform the affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms. What an organization must report, when, to whom, and what the notification must contain are precisely the details businesses tend to overlook, and that negligence can result in substantial fines.
As the data controller (the party that determines the purposes and means of processing the personal data, whether or not it stores or processes the data itself), a company has several key responsibilities, including taking appropriate security measures and, in the event of a personal data breach, notifying the supervisory authority and the affected individuals. A processor handling the data on the controller's behalf must in turn notify the controller without undue delay after becoming aware of a breach. Let's start by understanding what a personal data breach is under the GDPR.
What is a personal data breach?
The GDPR is a data protection law established to protect the personal data of individuals in the EU. Strictly speaking, its breach notification requirements apply only to breaches involving personal data. To see what that covers, let's break the term "personal data breach" into its two parts.
Under the GDPR, "personal data" is any information relating to an identified or identifiable natural person, such as a name, contact details, an identification number, location data or a medical record, as well as any other information from which a person can be identified, directly or indirectly. A personal data breach is a breach of security that leads to the accidental or unlawful destruction, loss or alteration of personal data, or to its unauthorized disclosure or unauthorized access. A breach often occurs when an unauthorized person or cybercriminal gains access to an organization's database, either by intrusion or by reason …