Answer:
Article 4 – Definitions of the EU GDPR (https://advisera.com/gdpr/definitions/) defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;” so this definitely includes the account number as well as the credit card number.
As regards data breaches, notifying data breaches was not required under the old directive but is now under the EU GDPR under certain circumstances that relate to the likelihood of the breach affecting the rights and freedom of the data subjects. So, unless there is no risk to the data subject, a controller can choose not to notify a breach. However, if we are talking about financial data, it is most likely that there would be a risk for the affected data subjects, thus the breach would need to be reported.
To learn more about data breaches, check out our webinar “A How-to Guide for GDPR Data Breach Notifications” (https://advisera.com/eugdpracademy/webinar/a-how-to-guide-for-gdpr-data-breach-notifications-free-webinar-on-demand/).
Jul 23, 2018