Data breach

A data breach means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes incidents in which personal data is compromised, stolen or accidentally disclosed. In the event of a data breach, the controller is obliged to notify the competent data protection authority and, under certain circumstances, the data subjects. A data breach may result in legal consequences and fines, especially if appropriate security measures have not been taken. Not all ‘data breaches’ pose a risk to the data subjects. Whether a data breach has occurred should be legally examined.

Examples:

  1. Loss or theft of devices: When a laptop, smartphone or other device containing personal data is stolen or lost.

  2. Hacking or cyber attacks: When an attacker penetrates the IT infrastructure of a company or organisation and accesses data that they should not see.

  3. Phishing attacks: When employees fall for fraudulent emails or websites and reveal their login credentials, resulting in unauthorised access to data.

  4. Misconfiguration of databases and servers: When databases or servers are inadvertently configured to be accessible to unauthorised users.

  5. Incorrect data transfer: When data is inadvertently sent to the wrong person or organisation.

  6. Unauthorised access by internal employees: When employees access data that they are not authorised to access.

  7. Loss or disclosure of physical documents: When confidential documents are lost or fall into the hands of unauthorised persons.