GDPR & JumpCloud: Breach Notification

In May 2018, data protection law in the European Union (EU) will be forever altered as the General Data Protection Regulation (GDPR) becomes enforceable. The GDPR is taking the place of the 1995 EU Data Protection Directive and is strengthening security and privacy as it relates to EU citizens and their personal data. The GDPR introduces many new requirements that will push organizations to comply with better data collection practices. One new requirement mandates that companies must notify appropriate authorities and individuals of a personal data breach within 72 hours (GDPR Art. 33). This post is going to take a closer look at what is involved with a breach notification and the steps JumpCloud would take should a breach occur.

Before diving into the breach notification component of the GDPR, consider exploring this site if you need to familiarize yourself with the GDPR, or brush up on some of the GDPR terminology here. Now, we’ll explain what the GDPR means when it comes to breach notification.

Breach Notification

Breach Notification Report

When a data breach occurs that might affect the rights and freedoms of individuals, the GDPR requires controllers to notify appropriate individuals and supervisory authorities without undue delay and no later than 72 hours after the breach is discovered. If a processor discovers a personal data breach, they must notify the controller without undue delay (GDPR Art. 33). When a controller notifies the supervisory authority, the notification must include the following:

  1. The nature of the personal data breach including, when possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned.
  2. The contact information of the data protection officer or contact point where more information can be obtained.
  3. A description of the likely consequences of the personal data breach.
  4. A description of what the controller is doing, or going to do, to address the data breach and its possible harmful effects.

If the controller is unable to provide all of the information at once, controllers can provide the information in phases, but as quickly as possible.

*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Natalie Bluhm. Read the original post at:

Natalie Bluhm

Natalie is a writer for JumpCloud, an Identity and Access Management solution designed for the cloud era. Natalie graduated with a degree in professional and technical writing, and she loves learning about cloud infrastructure, identity security, and IT protocols.
