Data Security Breaches
The GDPR has introduced mandatory breach notifications. All breaches must be reported to the Data Protection Commission (DPC), typically within 72 hours, unless the data was anonymised or encrypted. In practice this means that most data breaches must be reported to the DPC. Breaches that are likely to bring harm to an individual – such as identity theft or breach of confidentiality – must also be reported to the individuals concerned.
Note that failing to report a breach when required to do so could itself result in a fine, in addition to a fine for the breach itself.
If you discover a breach or potential breach, inform your head of department, who should then inform the Information Compliance Manager (firstname.lastname@example.org) and complete Section 1 of the Personal Data Security Breach Report Form.