Bulletin 2: Handling Data Breaches Under GDPR
GDPR defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
Breaches could include a lost or stolen laptop containing personal data, the accidental emailing of personal data to non-authorized users, and so on.
Under GDPR, upon becoming aware of a breach, IEEE may have only 72 hours to notify EU authorities. Rapid action is important.
In your role as a volunteer, you may be responsible for the collection or processing of personal data. If you detect, or even suspect, a data breach, immediately contact the IEEE IT Security Team at email@example.com. They can help assess the situation and react accordingly to notify the proper authorities as needed.
Please forward this email to your IEEE colleagues who handle personal data, newsletter/email distributions, websites, or other activities that fall under GDPR.
What’s Next? Bulletin #3 will focus on Data Subject Requests.