De Luca & Partners

Home » Data Breach

HR Managers are required to carefully handle data breaches scenarios and behaviors that points to a “disloyal” employee. The legal framework and the possibility of such events occurring require HR Managers to adopt a strategy that protects the company, its employees and its team. 

It is worth considering that HR Managers are proactive in implementing a comprehensive data management system, supported by structured processes and ongoing training. This ensures that employees are fully aware of their responsibilities and the appropriate actions to be taken to protect both personal and corporate data. 

Continue reading the full version published in HR Link

Home » Data Breach

The Italian Data Protection Authority, with the newsletter 472 of 25 January 2021, announced that on 14 January, the EDPB (“European Data Protection Board”) adopted new Guidelines (“Guidelines 01/2021 on Examples regarding Data Breach Notification”, the “Guidelines”) aimed at supporting companies and public administration in correctly addressing data breaches and defining risk management processes.

The document adds to the previous guidelines of Working Party 29 (“Guidelines on Personal data breach notification under Regulation 2016/679”) which, include a technical-theoretical analysis of what is prescribed by Regulation (EU) 2016/697 (the “Regulation”) about personal data breaches (or “Data Breach”).

Considering information security principles, recalling “Opinion 3/2014” and “Guidelines WP 250”, EDPB provides a classification of the type of breaches, namely:

  • “confidentiality breaches” – occur when there is an unauthorised disclosure of or access to personal data;
  • “integrity breaches” – occur when there is an unauthorised or accidental alteration of personal data;
  • “availability breaches” – occur when there is an accidental or loss of access to or destruction of personal data.

Aiming to provide useful guidance to data controllers and data processors on how to handle a personal data breach correctly, the Guidelines illustrate what to avoid (e.g. failure to encrypt data). They also contain numerous practical case studies involving hospitals, banks, businesses and online service companies of various kinds in different European countries.

These case studies describe the preventive measures that can be taken and suggest how to carry out a breach risk assessment, the potential measures that can be taken to reduce the risks and legal obligations that must be met.

EDPB launched a European public consultation on the document that will end on 2 March 2021.

Others insights related: