Information security incident by ISO 27001 vs. personal data breach by GDPR
Answer:
If the vulnerability was not exploited to misuse personal data, there is no data breach under the EU GDPR. The EU GDPR defines a “personal data breach” in Article 4(12) as: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
So if the data was not destroyed, lost, altered or transmitted, then it is just a security incident but not a data breach.
To learn more about data breaches, check out our free “EU GDPR Foundations Course” (https://advisera.com/training/eu-gdpr-foundations-course//).
Sep 30, 2018