What is a GDPR data breach?
A data breach can come from a variety of sources and occur at any time. It can result from a cyberattack (e.g. ransomware) or from the loss of computer hardware (e.g. a laptop, a USB stick, etc.).
Regardless of its source, a data breach is characterized by the destruction, loss, alteration or unauthorized disclosure of personal data. It compromises the integrity, confidentiality or availability of the data concerned.
How to protect data from potential threats?
To prevent such breaches, the security obligation imposed by the GDPR must be met: the measures taken must be proportionate to the risks involved. These measures can be set out in your internal personal data management policy. For example, you can implement the following measures:
- Start by raising awareness among your teams about data security issues
- Secure your information system (for example: regularly change the passwords of each user account, carry out regular backups, control access to premises, etc.)
- Set up a secure authentication system and partition access to data according to each person's authorizations
- Write a procedure to follow when a data breach is identified, so that incidents are traceable and handled effectively
- Secure your website
- Make sure your contractors have sufficient security measures in place and will notify and assist you in the event of a data breach
The CNIL has produced a personal data security guide to help you. You can also consult our webinar on September 21, 2021 on the issues of technical and organizational measures in terms of IT security.
Survey results: in the event of high risk, what is the deadline for notifying the CNIL of a data breach?
In a survey run on February 1 on our LinkedIn page, we asked you what the deadline is for notifying the CNIL of a data breach in the event of high risk.
Well done! Of the 282 voters, 64% of you answered "72 hours".

How to react to a data breach?
When you identify a data breach, you need to act quickly to limit the damage. Where the breach presents a risk, the CNIL must be notified within 72 hours of the breach being discovered. If this deadline is exceeded, you will have to justify the delay to the CNIL.
Keeping an incident register allows you to meet your accountability obligation, under which you must document everything relating to your compliance. Once the incident is recorded and its seriousness assessed, the severity determines whether, in addition to the entry in the register, you must:
- notify only the CNIL, within 72 hours of becoming aware of the breach; or
- notify both the CNIL and the people concerned.
Data Comply One (formerly Mission RGPD) and data breaches
With Data Comply One (formerly Mission RGPD) you can easily keep your incident register. Record your incident and assess its seriousness; the software guides you through the risk assessment. Depending on the severity, you will know whether, in addition to the entry in the register, you must only notify the CNIL within 72 hours of becoming aware of the breach, or whether you must also inform the people concerned.
Don't waste any more time, it's so simple!