At IDPAA we fully understand the worry and concerns that a Personal Data Breach ignites in an Organisation. Business are now fully aware of their mandatory obligations under the GDPR to report a Breach. A Personal Data Breach is a breach in the security of the data which can lead to the, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, transmitted, stored or otherwise processed. There are 3 categories to which a personal Data Breach can be broken into. Please be aware that a personal data breach could include a combination of all three.
-
Confidentiality Breach
-
This is un-authorised or accidental disclosure of, or access to personal data
-
Integrity Breach
-
This is the un-authorised or accidental alteration of personal data
-
Availability Breach
-
This is where there is accidental or un-authorised loss of access to or the destruction of personal data
How quick do you need to act? The clock starts ticking from the moment you are aware the breach has happened, and a Controller has 72 hours in which to notify the Supervisory Authority of the breach. The Controller must also be aware that if the rights and freedoms of the data subject are infringed the Data Subject must be notified without undue delay.
If a Processor becomes aware of a Breach in their activities and designation as a processor, they must notify the Controller without undue delay but not the Supervisory Authority, this is left in the capable hands of the Controller.
Not all breaches require reporting, however it is prudent to complete a risk assessment to clarify if the breach should be reported or not, it is a fact-based approach to deciding what course of action should be taken.
IDPAA provides support on breach assessments, supervisory reporting requirements and communication supports to impacted Data Subjects. We also take a holistic approach with regards to looking at the breach and working with the organisation in making sure that the likelihood of a similar breach happening in the future is reduced.
For more information about our Breach Support Service or if you are concerned about a Personal Data Breach please contact us via email paula@idpaa.ie or on +353 (0) 872681891