"/>

PAe - AEPD publishes a tool to decide whether to communicate a security breach those affected
Logo government of spain The government of spain logo The government of spain logo
Hearing
Logo e-government Portal PAE logo PAE logo
Portal Logo impression of electronic administration
The text search (*) Direct access to the search engine

User

Search

The text search (*) Direct access to the search engine

Menu

accesskey _ mod _ content

The AEPD publishes a tool to decide whether to communicate a security breach those affected

  • Hearing
  • Copy
  • Print To PDF
  • Share

23 october 2020

‘ Comunica-Brecha RGPD ’ aims to promote transparency and accountability proactive interaction between those responsible and allow those affected by a security breach know when their rights and freedoms may be at risk

The Spanish data protection agency (Opens in new window) (AEPD) has published Comunica-Brecha RGPD (Opens in new window) , a tool that will help to those responsible for treatment in decision-making to the obligation to communicate with a security breach of personal data to those affected.

The General regulations on data protection (RGPD) contains the obligation for responsible handling of personal data to communicate without delay to the concerned security gaps when it is probable that they involve a high risk for rights and freedoms of natural persons.

The purpose of Comunica-Brecha RGPD is to promote transparency and accountability proactive interaction between those responsible, in an exercise to enable affected by a security breach know when those rights and freedoms may be at risk and thus be able to take the measures they deem appropriate for them.

This new feature of the agency is free, easy to use and is based on a short form in obtaining details for the application of some basic criteria that may be indicative of the risk associated with a security breach. In any case the agency stores disclosures in the process.

By completing the form, and depending on the information that have been provided, as a response offers three possible scenarios: that must be given the gap to be affected to a high risk; that there is no need for such communication, or that you cannot determine the level of risk.

The use of this tool does not in any way replace the necessary assessment of the level of risk by the responsible, who best know the details of the processing of personal data, the characteristics of the subject of data, the circumstances of the security gap and the rest of the factors that make it possible to obtain a proper risk assessment. Similarly, the use of Comunica-Brecha RGPD to facilitate decision-making to the obligation to communicate security gaps to stakeholders is independent from the obligation to notify such a gap to the supervisory authority.

This new resort joins the ‘ The decalogue of aid resources of the AEPD (Opens in new window) ’ to promote awareness and implementation of The General regulations on data protection (Opens in new window) and Law of data protection (Opens in new window) and guarantee of the digital rights.

  • Open government, reports and studies
  • Security
Known Citizen folder
News PTT
Archive
 
Known Citizen folder