By Ian Bevington, Oak Innovation
GDPR states “The controller should communicate to the data subject a personal data breach, without due delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions”.
In GDPR terms, a personal data breach is defined as a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Notification should be provided within 72 hours unless there is a very good reason for the controller to delay. A personal data breach notification needs to come with information including who to get in touch with, typically the data protection officer, the types of data affected, the number of data subjects affected and what has been done since the breach.
GDPR does identify exceptions where breach notification is not required, for example where encryption has been used, or where the data controller has been able to take steps to eliminate any risk.
Some of the most serious breaches include sensitive personal data, for example financial or health records. A breach of this kind could have serious consequences for the data subject, such as financial losses or damage to reputation. Unsurprisingly, GDPR makes no allowance for the hassle and cost associated with the management of a data breach.
How Can Oak Help?
- Oak Innovation’s recording solutions store all voice and screen in an encrypted data format. Any data breach would not be considered a risk to the data subject.
- GDPR clearly states that data processors should only store necessary information about a data subject. Oak Innovation’s PaymentAssist is a cloud-based payment automation service that eliminates the need to expose or store card information on-site.
- Oak Innovation’s GDPR module assists organisations to manage the data subjects’ right to be forgotten through a range of features and reports.
To find out more, contact email@example.com or call 0800 9889 625.