Personal Data Breach

To ensure protection of personal data and the rights and freedoms of data subjects, the GDPR (articles 33 & 34) requires public and private organizations to take measures to prevent personal data breaches.

Unfortunately, there is no such thing as zero risk. That’s why each organization must also set up procedures to quickly respond to and fix security breaches that could impact personal data.

Personal data breaches represent a major challenge for an organization’s brand image. They are getting increased attention in the media. An organization that allows a breach is often viewed as negligent and not to be trusted with personal data.

A personal data breach can be defined as a security incident that compromises the confidentiality, integrity or availability of personal data. A breach may be deliberate or accidental, and with or without malicious intent.

The level of risk involved in personal data protection is proportional to the number of processing activities the organization performs, regardless of their purpose.

All public and private organizations are concerned. Organizations handling sensitive data are especially impacted by breaches that compromise data security.

From the moment an organization starts to collect and process personal data, even indirectly, there is a risk.

All processors and contractors that process personal data do so on behalf of a data controller.