GDPR: what should I do in case of a data breach?
A ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Breaches can be categorised into the following three categories:
- Confidentiality breach - where there is an unauthorised or accidental disclosure of, or access to, personal data.
- Integrity breach - where there is an unauthorised or accidental alteration of personal data.
- Availability breach - where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
Possible incidents that can lead to a data breach are:
- access to personal data by an unauthorised third party;
- an intentional or unintentional action that affects the security of personal data;
- sending personal data to an incorrect recipient;
- lost or stolen computer equipment (like a USB-stick) with personal data;
- changing personal data without consent.
The GDPR obliges organisations to report serious data breaches to the Belgian Data Protection Authority and the Flemish Supervisory Commission for the Processing of Personal Datawithin 72 hours after the data breach has come to lightif the data breach poses a risk to the rights and freedoms (such as the privacy) of the persons involved.
Data subjects must also be notified if the breach is likely to pose a high risk to their rights and freedoms.
Any notification to the relevant data protection authority and the data subject(s) will be made by the University of Ghent.Ghent University researchers must therefore report a (suspected) data breach as soon as possible to the DICT Helpdesk via DICT HelpMe.
More tips
- GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
- GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
- GDPR: how do I protect my data correctly? (Research integrity & ethics)
- GDPR: how do I register personal data processing activities? (Research integrity & ethics)
- GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
- GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
- GDPR: what are personal data? (Research integrity & ethics)
- GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
- GDPR: What are the basic principles? (Research integrity & ethics)
- GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
- GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
- GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
- GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
- GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
- GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
- GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
- GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
- GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
- GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
- GDPR: when does it apply to my research? (Research integrity & ethics)
- GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
- GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Translated tip
Last modified March 6, 2024, 9:30 a.m.