A data breach... That sounds like a remote concern. Still, it happens more often than you think! For example, when you lose your USB stick on the train, leave your laptop behind at a venue, or send an email containing personal data to the wrong person. All of these situations are examples of a possible data breach. As of May 25, 2018, a new EU privacy law (the General Data Protection Regulation, or GDPR) applies to organisations, obliging them to report every data breach to the European Supervisory Authority (ESA). If personal data are not carefully processed and/or stored, your organisation risks high penalties. In this blog, we’ll explain what a data breach is, what to do when one happens and - most importantly - what you can do to prevent it.
We speak of a data breach when a person or organisation loses control over where a large amount of sensitive personal data ends up: information about health or religion, for instance, but also financial or login information.
When personal data has become public, the first thing to do is report it to the security department or the Data Privacy Officer (DPO) of your organisation. He or she will assess whether it is, in fact, a data breach - and how serious the situation is. If a data breach has occurred, the new GDPR obliges the organisation both to document it internally and to notify the ESA within 72 hours.
The ESA will then investigate the consequences and risks, and assess whether the organisation has handled the data carefully. If the data were not processed and stored according to the new rules, your organisation risks a fine of up to €20 million - or 4% of your global revenue (which can add up to an even higher amount). And besides, don’t underestimate the consequences of reputational damage.
As an event manager, you collect a lot of personal data during the registration process. Moreover, you work at different locations, and multiple suppliers that process personal data are involved along the way. In other words, there is a considerable risk of a data breach. It is therefore important to develop a safe working method together with your colleagues in Security/Legal. The following steps are crucial (and in many cases even mandatory) for data breach prevention.
Each organisation follows a different security policy. It’s important that you, together with your DPO, create a protocol for processing event-related personal data. This requires an open approach in which all parties agree on the security and privacy measures.
A data breach occurs when a person or organisation loses control over where (a large amount of) sensitive personal data ends up. In May 2018, a new EU privacy law will be introduced under which companies are held responsible when data is not processed and stored carefully. In that case, the organisation runs the risk of a (high) fine. It's important to realise that organising events involves a risk of data loss. You can minimise these risks by properly managing the processing of personal data. Start preparing in time!
This is the 2nd of 3 blogs on preparing for the new privacy law. Read more in our next blogs: