Breaching the General Data Protection Regulation

GDPR is eventually breached when there are security risks that are not mitigated professionally. Any unauthorized access, disclosure or sharing of personal information; loss or unlawful destruction, alteration causes breach. GDPR requires that security incidents that might affect personal information are to be reported.

GDPR explains it as such: “A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned.”

Organisation have 3 days or 72 hours to report the data breach to Information Commissioner’s Office (ICO) as well as providing individuals who are affected by the breach the following:

Contact details of data protection officer or responsible team members,

Short summary of the incident and its expected outcomes for them,

Summary of key steps taken to deal with the breach to individuals affected by the data breach.

It’s important to remember that risk mitigation measures should be increased after the breach.

Get in touch with us and book a GDPR gap analysis to see and mitigate your risk. training@cfecert.co.uk