13 February, 2019

Unintentional data breach and measures to avoid it

An unintentional breach of personal data has recently been disclosed by a Slovenian state authority and Slovenian companies.

The General Data Protection Regulation (hereinafter: "the GDPR") defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Furthermore, the GDPR specifies the obligation of the controller to notify the supervisory authority of the personal data breach. The Slovenian government has established the Information Commissioner as the supervisory authority in such matters. The Information Commissioner must be notified of a personal data breach within 72 hours after the breach has been made. In the event that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller should communicate the personal data breach to the data subject without undue delay.

The GDPR stipulates fines of up to 20 million EUR or 4% of the annual income where such a breach has been made and the supervisory authority is not notified. However, the following measures should be undertaken in order to avoid the abovementioned fines and to increase the security of processing:

  • the pseudonymization and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

If your company has not yet undertaken such measures, we advise you to do so.
