Does the GDPR require taking any other steps with regard to a personal data breach?

In the event of any incident affecting personal data security, the controller shall ascertain whether the breach was the result of human error or a system problem and determine how to prevent the incident from recurring: by implementing better procedures, conducting further training or undertaking other corrective measures. It is recommended that controllers and processors implement procedures so that they can perform their personal data breach obligations effectively. Furthermore, in accordance with Article 40 (2) (i) GDPR, the procedure for the notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects shall be part of the code of conduct.

2018-08-09