Unintentional data breach and measures to avoid it

Unintentional breaches of personal data have recently been disclosed by a Slovenian state authority and by Slovenian companies.

The General Data Protection Regulation (hereinafter: "the GDPR") defines a personal data breach as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Furthermore, the GDPR specifies the obligation of the controller to notify the supervisory authority of the personal data breach. The Slovenian government has established the Information Commissioner as the supervisory authority in such matters. The Information Commissioner must be notified of a personal data breach within 72 hours after the breach has occurred. In the event that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller should communicate the personal data breach to the data subject without undue delay.

The GDPR stipulates fines of up to 20 million EUR or 4% of the annual income where such a breach has occurred and the supervisory authority has not been notified. However, the following measures should be undertaken in order to avoid the abovementioned fines and to increase the security of processing:

  • the pseudonymization and encryption of personal data;
  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

If your company has not yet undertaken such measures, we advise you to do so.

Address:

Law firm Sibinčič Novak & Partners
Dalmatinova ulica 8
SI-1000 Ljubljana, Slovenia
