With a record number of data breaches last year and a steady stream of new revelations about the misuse of data, you may think you’ve heard everything there is to know about data breaches.
You’d be wrong.
Now, with the General Data Protection Regulation (GDPR) fully implemented, there’s yet another way for companies to be in breach of data privacy laws. GDPR is a sweeping set of rules governing the handling of European Union members’ personal data, no matter where it is. It came into full force in May, and breaches carry huge fines — up to 4 percent of a company’s annual global turnover or €20 million (whichever is greater).
What is a breach under GDPR?
GDPR defines it as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.” Under GDPR, entities have only 72 hours to notify a supervisory authority, which is also known as a data protection authority (DPA). Data controllers are required to report breaches to the authority, while processors must report them to their controllers.