Data breach process
This procedure applies in the event of a personal data breach.
A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.
The GDPR draws a distinction between a ‘data controller’ and a ‘data processor’ in order to recognise that not all organisations involved in the processing of personal data have the same degree of responsibility. Each organisation should establish whether it is a data controller or a data processor for a given data processing activity, or whether it is a joint controller.
In the normal course of our business Potentiality can act as a data controller and/or a data processor. A processor must notify the data controller of the breach; this may be the direct client of Potentiality or, where Potentiality is a reseller, a third-party supplier.
Responsibility
- All users (whether employees/staff, contractors, temporary employees/staff or third-party users) are required to be aware of, and to follow, this procedure in the event of a personal data breach.
- All employees/staff, contractors and temporary personnel are responsible for reporting any personal data breach to the DPO (in the absence of the DPO, a member of the Executive team should be informed).
- The Data Protection Officer (DPO) has the specific task of coordinating with the supervisory authority (when Potentiality acts as data controller) and acts as the focal point for matters pertaining to processing.