An item of mail that has been returned opened. An email accidentally sent to the wrong person. A stolen laptop. These are all examples of possible data leaks.
As an organisation processing personal data you are obliged to report data leaks to the Data Protection Authority and you must also inform the data subject if the breach could have grave consequences for them. In any event, you should keep a record of all data breaches, even if they do not need to be reported to the Authorities.
Experience has taught us that organisations often struggle to determine whether there has been a data leak and if it should be reported to the Authorities (and the data subject). Our privacy consultants can help you decide.
Deciding whether to report a data leak can be difficult. You need to find a way to make a decision that weighs up all considerations. It should also be easy to understand and replicate. We can help you to: