Regardless of size or type of business, every entity that processes personal data is required to analyse the associated privacy risks, train its staff and thoroughly resolve all incidents that pertain to the confidentiality, integrity or availability of personal data.
Accidental or unlawful destruction, loss, modification or unauthorised disclosure of personal data processed by an organisation is a personal data breach.
Specifically, a data breach is an incident involving the loss of confidentiality, integrity or availability of personal data. After an incident occurs, the potential impact and consequences must be determined, and mitigation efforts are needed – not just for the organisation but also for the individuals affected. If necessary, relevant public authorities and the persons concerned must be notified.
More broadly, data protection incidents also include behaviour or practices that infringe the law, internal rules or contractual requirements.
After the incident is handled and the circumstances are determined, it is important to learn from the incident and, if necessary, modify and improve the relevant privacy controls.
Proper handling of privacy topics entails a risk-based approach. Many processes and activities – ranging from prioritizing data protection activities to resolving individual cases – require prior risk identification, taking into account the nature of the threat, its probability and its consequences should it materialise. We help organisations to evaluate the potential privacy risks to the persons concerned.
Our services: data protection and privacy impact assessments, legitimate interest assessments, risk assessments regarding transferring personal data to third countries, and ad hoc privacy assessments based on a specific scenario.
Customised training and awareness programmes and individual training sessions, all based on the client’s type and area of business, structure and target audience.