Personal data breach
What they are and how to manage them
As specified in the guidelines of the European authority working group, a personal data breach means “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to, personal data transmitted, stored or otherwise processed.”
Remember that a data breach is always a security incident, but not all security incidents are data breaches.
Articles 33 and 34 of the European Regulation only apply to personal data breaches.
There are three types of personal data breaches:
- Breach of confidentiality, in the case of unauthorized or accidental disclosure or access
- Breach of integrity, in the case of unauthorized or accidental modification of the data
- Breach of availability, in the case of accidental or unauthorized loss, access, or destruction
A breach may involve all three types or any combination of them.
How do I add a data breach in UTOPIA?
To insert a data breach, click the Data Breaches menu, then use the (+) button to choose the linked record of processing and save.
Now switch to the Breaches section, where you can add a personal data breach by clicking the (+) button again.
The breach card is made up of these sections:
- Identification: section dedicated to the analysis of the event and of the breach (if one occurred).
- Processing and Assets: here you can specify the processing activities, the assets and the data subjects involved in the breach.
- Consequence to the data subject: here you can specify the risks caused by the event, its consequences, and the evaluation of the risk caused by the breach, which is different from the impact evaluation of the processing.
- Security measures: here you can add technical and organizational measures to reduce the impact of the event including the assets involved.
- Contacts: here you can specify the contact details of the people involved in the management of the event, such as DPOs, privacy representatives, or other collaborators.
- Notifications: if notification is required, you can specify to whom it was made, the guarantor (the supervisory authority) or even the data subjects, and when.
- Attachments: in this section, you can attach documents of any type to detail the breach event.
Learning to manage breaches in UTOPIA is an essential step for ensuring compliance for your organization.