Tag: data breach

Almost 60,000 Data Breaches since May 2018

Almost 60,000 Data Breaches Reported since GDPR Implementation in May 2018

In the Netherlands, 15,400 data breaches have been reported up to 29 January 2019; in Germany, 12,600; in the UK, 10,600; and in Spain, 670(!).

To date, 91 reported fines have been imposed under the new GDPR regime. The highest GDPR fine imposed to date is €50 million, imposed by the CNIL on Google, notably not relating to a personal data breach.

Many organizations have taken notice of the new breach notification rules, no doubt in part due to concerns about the high sanctions for not notifying. This has led to more than 59,000 personal data breaches being notified across Europe in the eight months since GDPR’s introduction. Not notifying data breaches has become a risky strategy under GDPR.

If you want to understand all about data breaches and/or need a DPO, contact us here.

The study was performed by DLA and can be found here.

Data breach – the obligation to inform the authorities

If the General Data Protection Regulation (“GDPR”) is applicable to you, as of 25 May 2018 you will be obliged to inform the relevant authorities within 72 hours of becoming aware of a data breach that you, or your data processors on your behalf, committed, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

This notification must include:

  • a description of the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
  • the name and contact details of the data protection officer or other contact point where more information can be obtained;
  • a description of the likely consequences of the personal data breach;
  • a description of the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

Contact us if you would like to consult us, have us perform an audit with respect to this new obligation, or see if the GDPR applies to your business. We will be glad to be of help.

The use of Data Breach and other Data Protection Policies

Background

It could happen to anyone: a leak, a hack or a loss in their personal data storage system that poses a risk to the rights and freedoms of natural persons. But how should one react to a breach? Although probably everybody advocates transparency in data processing, the majority of reactions to such a breach are to try to hide it. The Equifax case shows that once again. The obligation to report and fines will come into force on May 25, 2018 under the General Data Protection Regulation of the European Union. Data breach and other data protection policies can help counter such issues.

The use of policies

Policies and procedures in general help to identify and to react to situations where action is needed. Once you have a policy, you can make your employees aware of it and train them on how to react, and to resolve or escalate the issues. If you need help defining your personal data breach reporting policy or whistleblowing policy, or need to understand when to report and to whom, we will be glad to be of assistance.

Do contact us if you would like more information on the subject. Business Advice Spain is highly experienced in Data Protection matters. It has helped American companies for the last 15 years establish themselves in Europe.