The General Data Protection Regulation (GDPR) is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines how organizations must report a data breach.

Articles 33 and 34 outline the requirements for breach notification; however, most businesses are still unaware of their responsibilities. Details such as what an organization should report, when it should be reported, to whom, and what the breach notification should contain are some of the major aspects that businesses overlook. This negligence can result in substantial fines.

As a Data Controller (the entity that stores and/or handles the data), the business has several key responsibilities, including taking the necessary measures as well as notifying the concerned authorities and affected individuals in the event of a data breach. Let’s first understand what a personal data breach is, as defined by the GDPR.

What is a Personal Data Breach?

The GDPR is a data privacy law established to protect the personal data of citizens of the EU. Technically, the GDPR breach notification requirements apply only to breaches of personal data. For a better understanding, let us break down the term “personal data breach” into its two parts.

According to the GDPR, “personal data” is any information that relates to an identified or identifiable natural person, such as their name, contact details, or health records, as well as similar identifying information, specifically of citizens of the EU. A data breach is an event that results in the accidental or unlawful destruction, loss, or alteration of personal data, or its unauthorized disclosure or access. A data breach often occurs when an unauthorized individual or a cyber-criminal gains access to an organization’s database, whether through intrusion or due