GDPR: What should I do if there is a data breach?
A data breach is a security incident that affects the confidentiality, integrity or availability of personal data. Possible incidents that can lead to a data breach are:
- access to personal data by an unauthorised third party;
- intentional or unintentional action that affects the security of personal data;
- sending personal data to an incorrect recipient;
- lost or stolen computer equipment with personal data;
- changing personal data without consent.
The GDPR obliges organisations to report serious data breaches to the Data Protection Authority within 72 hours after the data breach has come to light. This notification is mandatory if the data breach poses a risk to the privacy of the persons involved.
Ghent University researchers must therefore report a (suspected) data breach as soon as possible to the DICT Helpdesk via firstname.lastname@example.org.
Last modified Jan. 21, 2021, 2 p.m.