A personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The most important point for any colleague to understand is that if they encounter what they believe to be a breach, they should report it immediately to an incident investigator (such as their line manager or the Data Protection Officer) so that the investigator can assess the breach and determine how it should be treated.
Certain actions are required if the impact of a breach reaches certain thresholds:
Reporting a Breach to the Regulator
- A breach that is believed could result in a risk to the data subject must be reported to the supervisory authority within 72 hours of becoming aware of it.
Reporting a Breach to the Data Subject
- A breach that is believed could result in a high risk to the data subject must also be reported to the data subject.
The 72 hour reporting requirement clearly places a significant constraint on an organisation. Within this time the investigator needs to gather as much information as possible and evidence a plan of action to resolve the breach.
How can ProvePrivacy Help?
ProvePrivacy provides a Data Breach reporting tool that allows users to complete the information needed to understand the circumstances of the breach and to notify the appropriate teams to undertake the investigation and, if required, onward reporting. ProvePrivacy can create the data breach report and provides an audit trail of the actions undertaken to evidence compliance.