What is a personal data breach?
The term "personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. Such a breach may occur, by way of example, for the following reasons:
• accidental loss: for example, a personal data breach caused by the loss of a USB flash drive containing personal data;
• theft: for example, a personal data breach caused by the theft of a notebook containing personal data;
• corporate infidelity: for example, a personal data breach caused by an insider who, having authorization to access personal data, makes a copy to be distributed in a public environment;
• unauthorized access: for example, a personal data breach caused by unauthorized access to IT systems with subsequent disclosure of the personal data acquired.
The new European regulation on the protection of personal data (GDPR) establishes, in certain circumstances, an obligation to notify the competent Supervisory Authority of the breach no later than 72 hours after becoming aware of it, as well as to communicate the breach to the affected data subjects.