Because of the sheer number of data breaches reported last year, along with a steady stream of new revelations about the misuse of data, it’s possible you think you’ve heard everything there is to know about data breaches.
That’s not really the case.
With the GDPR fully implemented, there’s yet another way for companies to be in breach of data privacy laws. GDPR is a sweeping set of rules governing the handling of European Union members’ personal data, no matter where it is. It came into full force in May, and breaches carry huge fines — up to 4 percent of a company’s annual global turnover or €20 million (whichever is greater).
So what is a breach under GDPR? To the GDPR, it as a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.” Under GDPR, entities have only 72 hours to notify a supervisory authority, which is also known as a data protection authority (DPA). Data controllers are required to report breaches to the authority, while processors must report them to their controllers.