The term data breach is used when a violation of personal data occurs, or the destruction, loss, modification, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Some examples?
The data compromised in a data breach can concern various areas:
- Financial: theft of credit card data, current accounts…
- Industrial property: trade secrets, patents, confidential documentation, customer lists, projects, aimed for example at unfair competition practices…
- Personal: identity documents, codes and personal materials…
- Healthcare: information on personal health…
What to do in case of personal data breach?
Whether you are a public entity, a company or a professional, within 72 hours of becoming aware of the data breach it is important to notify the breach to the Guarantor for the protection of personal data, unless the personal data breach is unlikely to result in a risk to your or a third party’s rights and freedoms.
It is important to communicate all violations of personal data to the Guarantor, for example by preparing a specific register. This documentation allows the Authority to carry out any checks on compliance with the legislation.
How to send the notification to the guarantor?
The notification of a personal data breach must be sent to the Guarantor via a specific electronic procedure, made available on the Authority’s online services portal.
The notification must contain the information indicated in art. 33, par. 3 of Regulation (EU) 2016/679 and in the annex to the Guarantor’s Provision of 30 July 2019.
Attached to the provision is a form that can be downloaded and filled out.
Once created, the notification must be signed with a digital signature and sent to the Guarantor via PEC email to ufficio@pec.gpdp.it. It can also be sent via ordinary e-mail signed with a handwritten signature and accompanied by a copy of the signatory’s identity document.
The subject of the email must be “NOTIFICATION OF PERSONAL DATA BREACH”.
The Guarantor may subsequently prescribe corrective measures if a violation of the provisions of the Regulation itself is detected, also with regard to the adequacy of the technical and organizational security measures applied to the data subject to the violation. There are financial penalties that may reach up to 10 million euros.
