PAe - AEPD issued a new version of your guide to notify personal data gaps
accesskey _ mod _ content

The AEPD issued a new version of your guide to notify personal data gaps

26 may 2021

The notifications and communications of disparities affecting personal data are part of the proactive responsibility established in the General Rules on data protection (RGPD).

The spanish data protection (AEPD) has published an upgrade of its ‘ Guide to notification of personal data gaps ’, a document that aims guide to those responsible for the treatment of personal data in its obligation of notification to the data protection authorities and ask those whose data have been affected. This guide updates the version published in 2018, when he began to apply the General regulations on Data protection (RGPD), and includes the experience gained in this time, both nationally and in connection with the criteria established by the european committee for the protection of Data.

The main purpose of this update is to facilitate the implementation of an effective and efficient manner of the ultimate objectives of the notification of personal data gaps: the effective protection of rights and freedoms the creation of an enabling more resilient based on knowledge of the vulnerabilities of the organization and the guarantee of legal certainty by providing those responsible for a means to show diligence in implementing their obligations.

Any organization is susceptible to a gap of personal data that may affect the rights and freedoms, and is obliged to manage it properly . This incident may be due to accidental or intentional but, generally, caused the destruction, loss, alteration, communication or unauthorized access to personal data. The Guide began looking at what is a gap of personal data and what is not in the context of the european regulatory framework, national and sectoral levels. Below analyses when to reporting such gap to the supervisory authority, within what timeframe, or who and what content must include the article 34 notification. On communication for affected individuals, the document recognises the cases in which it is the content and deadlines.

The notifications and communications relating to disparities affecting personal data are part of the proactive responsibility established in the RGPD, and to notify or report does not necessarily imply the imposition of sanctions. Indeed, to do so in time is evidence of the organization, while out of that obligation is defined as an offence.

The Guide provides guidelines to facilitate and streamline compliance of these obligations and, amongst other things, provides guidance on some times as the RGPD leaves, such as notification of a gap of personal data to the control authority gradually, to report to the data have been affected or those relating to the report to the treatment responsible when there is a gap.

The Agency has operated over 700 reported data gaps in the first five months of 2021. Most of them have come about from external attack and intended to be the ransomware the most prevalent threat, threatening not only the availability but also the confidentiality of personal data.

Communication to the affected

In addition to the present guide, the agency has a tool called “ Comunica-Brecha RGPD ’, which offers help organizations to decide whether or not wishing to be a gap of data for affected individuals, an independent obligation to notify such a gap to the supervisory authority.

This resource is based on a short form in obtaining details for the application of some basic criteria indicative of the risk associated with the gap. By completing the form, and depending on the information that have been provided, three scenarios, advise that it must notify the persons affected to be seen at high risk; that there is no need for such communication, or that you cannot determine the level of risk. The final decision shall lie with the responsible according to the specific aspects of treatment and specific gap in no case will the agency stores disclosures in the process.

Original source of news (Opens in new window)

  • Citizen
  • Security