Incident Management of Personal Data Breaches

Headquarters: Rua Nova Nespereira, Pavilion 10 4770 - 287 Lagoa VN Famalicão Portugal
Coordinates: 41.3865, -8.4981
Production and Assembly: Rua Santo Adrião, Pav. A and B, Nº 217 and Nº 237 4760-160 - Vila Nova Famalicão
Coordinates: 41.4178, -8.5270
South Delegation: Espaço Avila Spaces - Av. República, 6, 7º ESQ, 1050-191 Lisboa, Portugal

Definition

A personal data breach occurs when a company/organization suffers a security incident concerning the data for which it is responsible, resulting in a breach of confidentiality, availability, and data integrity.

Therefore, this situation, if not properly and timely resolved, can cause physical, property or non-property damage to data subjects, as well as the following: identity theft or fraud, damage to the person's reputation, loss of control over their own data, financial loss, loss of confidentiality of data, etc.

When the breach occurs, and if it poses a risk to someone's rights and freedoms, the company/organization must notify the supervisory authority (within 72 hours of becoming aware of the breach). If the notification is not transmitted within 72 hours, it must be accompanied by the reasons for the delay.

If the data breach is of high risk to the individuals affected, they must be informed by written communication in clear and easily understood language. It is, therefore, crucial for an organization to implement appropriate technical and organizational measures to avoid possible situations of this kind.

These situations can occur due to a number of factors: