What is a data breach?
Jan. 21, 2019, 1:45 p.m.
The processing of personal data is a complex process. Its complexity is based on the fact that it involves the human factor on the one hand (in the process in question, employees of all levels of the organization participate), and on the other - non-human (processing operations are most often carried out in IT systems). Thus, a possible breach of personal data protection may occur for reasons attributable to staff (non-compliance with procedures) as well as for technical reasons (system failure). We are abstracting from such incidents as the cyber attack, which may result from human errors (failure to provide adequate protection due to non-compliance with procedures), and from technical shortcomings (IT system not adapted to the type of processing operations performed).
The term "data protection breach" should be understood as "a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data sent, stored or otherwise processed.
In any case, where there is a risk of violation of the rights and freedoms of individuals, that is, whenever the infringement may result in physical, material or intangible damage to the natural persons whose data have been infringed. Such damages include, for example, discrimination, identity theft or identity fraud, fraud, financial loss, loss of confidentiality of personal data protected by professional secrecy, breach of reputation or other significant economic or social consequences for a natural person. If the violation concerns personal data revealing ethnicity, political views, religious or ideological beliefs, trade union membership or genetic data regarding health or sex life, it should be considered that there is a high likelihood of such damage.