Bulletin 2: Handling Data Breaches Under GDPR

IEEE Technical Activities Bulletin #2

Topic: Handling Data Breaches Under GDPR

Bulletin Type: Action

Audience: Individuals responsible for collecting and managing personal data

Version 3 - July 2021

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

What is a Data Breach?

GDPR defines a data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”

Breaches could include a lost or stolen laptop containing personal data, the accidental emailing of personal data to non-authorized users, and so on.

What happens if there is a breach?

Under GDPR, upon becoming aware of a breach, IEEE may have only 72 hours to notify EU authorities. Rapid action is important.

In your role as a volunteer, you may be responsible for the collection or processing of personal data. If you detect, or even suspect, a data breach, immediately contact the IEEE IT Security Team at privacy@ieee.org. They can help assess the situation and react accordingly to notify the proper authorities as needed.

How can I learn more?

Visit the Technical Activities Data Privacy Resource Page or the IEEE Data Privacy page.

Please forward this email to your IEEE colleagues who handle personal data, newsletter/email distributions, websites, or other activities that fall under GDPR.

If you have questions or need assistance, please contact TA Answer Central.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
