GDPR: What should I do if there is a data breach?
A data breach is a security incident that affects the confidentiality, integrity or availability of personal data. Possible incidents that can lead to a data breach are:
- access to personal data by an unauthorised third party;
- intentional or unintentional action that affects the security of personal data;
- sending personal data to an incorrect recipient;
- lost or stolen computer equipment with personal data;
- changing personal data without consent.
The GDPR obliges organisations to report serious data breaches to the Data Protection Authority within 72 hours after the data breach has come to light. This notification is mandatory if the data breach poses a risk to the privacy of the persons involved.
Ghent University researchers must therefore report a (suspected) data breach as soon as possible to the DICT Helpdesk via helpdesk@ugent.be.
More tips
- GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Integrity in science)
- GDPR: how am I transparent to data subjects in my research? (Integrity in science)
- GDPR: how can I ensure that the processing of personal data is lawful? (Integrity in science)
- GDPR: how can I protect my data correctly? (Integrity in science)
- GDPR: how do I register personal data processing activities? (Integrity in science)
- GDPR: how long can research data containing personal data be stored? (Integrity in science)
- GDPR: what are personal data? (Integrity in science)
- GDPR: what are the basic principles? (Integrity in science)
- GDPR: what are the different roles and responsibilities according to the GDPR? (Integrity in science)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Integrity in science)
- GDPR: what has changed with regard to the previous privacy legislation? (Integrity in science)
- GDPR: what information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Integrity in science)
- GDPR: what is the General Data Protection Regulation? (Integrity in science)
- GDPR: what rights do data subjects have, how do I respect them and what exceptions may apply to research? (Integrity in science)
- GDPR: what should I do in the event of further/secondary processing of personal data? (Integrity in science)
- GDPR: what should I keep in mind when designing my research? (Integrity in science)
- GDPR: what should I keep in mind when processing special categories of personal data? (Integrity in science)
- GDPR: What should I think about when I collaborate with others or share my data? (Integrity in science)
- GDPR: What should I think about when processing personal data from minors? (Integrity in science)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Integrity in science)
- GDPR: when does it apply to my research? (Integrity in science)
- GDPR: who are considered as vulnerable persons? (Integrity in science)
- GDPR: why is it important to comply with this legislation? (Integrity in science)
Translated tip
Last modified Jan. 21, 2021, 2 p.m.