Unintentional data breach and measures to avoid it

An unintentional breach of personal data has recently been disclosed by a Slovenian state authority and Slovenian companies.

The General Data Protection Regulation (hereinafter: »the GDPR«) defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Furthermore, the GDPR specifies the obligation of the controller to notify the supervisory authority of the personal data breach. The Slovenian government has established the Information Commissioner as the supervisory authority in such matters. The Information Commissioner must be notified of a personal data breach within 72 hours after the breach has been made. In the event that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller should communicate the personal data breach to the data subject without undue delay.

The GDPR stipulates fines of up to 20 million EUR or 4% of the annual income where such a breach has been made and the supervisory authority is not notified. However, the following measures should be undertaken in order to avoid the abovementioned fines and to increase the security of processing:

  • the pseudonymization and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

If your company has not yet undertaken such measures, we advise you to do so.
