Incident Management of Personal Data Breaches
A personal data breach occurs when a company/organization suffers a security incident concerning the data for which it is responsible, resulting in a breach of confidentiality, availability, and data integrity.
If it is not resolved properly and promptly, this situation can cause physical, property or non-property damage to data subjects, as well as the following: identity theft or fraud, damage to the person's reputation, loss of control over their own data, financial loss, loss of confidentiality of data, etc.
When the breach occurs, and if it poses a risk to someone's rights and freedoms, the company/organization must notify the supervisory authority (within 72 hours of becoming aware of the breach). If the notification is not transmitted within 72 hours, it must be accompanied by the reasons for the delay.
If the data breach is of high risk to the individuals affected, they must be informed by written communication in clear and easily understood language. It is, therefore, crucial for an organization to implement appropriate technical and organizational measures to avoid possible situations of this kind.
These situations can occur due to a number of factors:
- Loss or theft of documents;
- Destruction of documents or equipment;
- Poor access controls;
- Ineffective data management;
- Inadequate protection against cyber threats;
- Unprotected transmissions;
- Lack of control;
- Faulty equipment;
- Employees who lack training in the area, are negligent or act with bad intentions.
In light of this, PARTTEAM & OEMKIOSKS has defined that it will respond to these situations in the following ways:
- Assemble a team responsible for managing the incident;
- Identify what personal data has been compromised;
- Notify the control authority;
- Notify the criminal police;
- Determine circumstances that may be mitigating;
- Notify other people or entities that may have been affected;
- Communicate with those who have had their personal data compromised.
PARTTEAM & OEMKIOSKS will cooperate with the Control Authority by sending reports, requests for opinions and guidelines whenever necessary.