Bulletin 2: Handling Data Breaches Under GDPR
IEEE Technical Activities Bulletin #2
Topic: Handling Data Breaches Under GDPR
Bulletin Type: Action
Audience: Individuals responsible for collecting and managing personal data
Version 3 - July 2021
What is a Data Breach?
GDPR defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
Breaches could include a lost or stolen laptop containing personal data, the accidental emailing of personal data to non-authorized users, and so on.
What happens if there is a breach?
Under GDPR, upon becoming aware of a breach, IEEE may have only 72 hours to notify EU authorities. Rapid action is important.
In your role as a volunteer, you may be responsible for the collection or processing of personal data. If you detect, or even suspect, a data breach, immediately contact the IEEE IT Security Team at firstname.lastname@example.org. They can help assess the situation and react accordingly to notify the proper authorities as needed.
How can I learn more?
Please forward this email to your IEEE colleagues who handle personal data, newsletter/email distributions, websites, or other activities that fall under GDPR.
If you have questions or need assistance, please contact TA Answer Central.