Bulletin 2: Handling Data Breaches Under GDPR

IEEE Technical Activities Bulletin #2
Topic: Handling Data Breaches Under GDPR
Bulletin Type: Action
Audience: Individuals responsible for collecting and managing personal data
Version 2, 18 June 2018


What is a Data Breach?

GDPR defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” 

Breaches could include a lost or stolen laptop containing personal data, the accidental emailing of personal data to non-authorized users, and so on.

What happens if there is a breach?

Under GDPR, upon becoming aware of a breach, IEEE may have only 72 hours to notify EU authorities. Rapid action is important.

In your role as a volunteer, you may be responsible for the collection or processing of personal data. If you detect, or even suspect a data breach, immediately contact the IEEE IT Security Team at privacy@ieee.org. They can help assess the situation and react accordingly to notify the proper authorities as needed.

How can I learn more?

Please forward this email to your IEEE colleagues who handle personal data, newsletter/email distributions, websites, or other activities that fall under GDPR.


What’s Next? Bulletin #3 will focus on Data Subject Requests