{"id":16032,"date":"2020-11-23T12:53:35","date_gmt":"2020-11-23T11:53:35","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/?p=16032"},"modified":"2021-03-11T10:52:22","modified_gmt":"2021-03-11T09:52:22","slug":"security-breaches-and-gdpr-whats-new","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/","title":{"rendered":"Security breaches and the GDPR: what&#8217;s new"},"content":{"rendered":"\n<p>The management of security breaches is undoubtedly one of the most important new features of the GDPR. A year ago, we published a <a href=\"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/\">post <\/a>where we explained what to do if they occurred in your company or startup, but the situation of this last year certainly requires an update of the content.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What to do in the event of a security breach?<\/strong><\/h2>\n\n\n\n<p>The are three basic obligations in light of any security breach, according to the GDPR and as recommended in November 2019:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Record and internally manage the security breach<\/strong>. This requires having an internal protocol so that security breaches are reported to the person responsible to record the steps that have been followed in order to minimise their impact. This last point is very important because companies do sometimes not have a real and effective capacity to prevent an attack or a security breach, but they have a say in deciding how they respond. This is a factor that the Spanish Data Protection Authority (\u201cAEPD\u201d) values \u200b\u200bhighly if the breach ends up in penalty proceedings.<\/li><\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li><strong>Analyse whether the breach should be reported to the AEPD. <\/strong>This is one of the important new issues in the GDPR: the introduction of the obligation to report data breaches to the AEPD; the only exception is that this breach is unlikely to create risks to those affected (for example, if data was encrypted). In all other cases, reporting is mandatory within 72 hours after becoming aware of the incident. This is not just any old factor, because companies often become aware of the incident months after it has occurred.<\/li><\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\"><li><strong>Analyse whether the breach should be reported to those affected<\/strong>. In the most serious cases (identity theft or breaches that might imply identity theft) reporting to those affected is required.<\/li><\/ol>\n\n\n\n<p>In relation to these last two important points, an <strong>important new issue must be added here, which<\/strong> is the recent publication by the AEPD of a <a href=\"https:\/\/www.aepd.es\/es\/guias-y-herramdamientos\/herramdamientos\/comunica-brecha-rgpd\" target=\"_blank\" rel=\"noreferrer noopener\">questionnaire <\/a>that enables you to decide whether reporting is required to the AEPD itself and to those affected. By answering a few brief questions, you are given guidelines on how to act.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Gestio-Riscos-Digital-Ciberseguretat-advocat.jpg\" alt=\"Security breaches\" class=\"wp-image-13856\" width=\"580\" height=\"384\" srcset=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Gestio-Riscos-Digital-Ciberseguretat-advocat.jpg 800w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Gestio-Riscos-Digital-Ciberseguretat-advocat-300x199.jpg 300w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Gestio-Riscos-Digital-Ciberseguretat-advocat-768x509.jpg 768w\" sizes=\"(max-width: 580px) 100vw, 580px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Are there fees for not reporting security breaches?<\/strong><\/h2>\n\n\n\n<p>In November 2019, there were still no penalties in Spain for not reporting security breaches. In July 2020, a \u20ac3,600 fine was published for failure to notify to the AEPD of a security breach. <\/p>\n\n\n\n<p>The fine was \u20ac6,000, but it was reduced because the party responsible paid voluntarily. The specific case was a computer attack on a company through which the attackers obtained the personal data, such as email, of the company&#8217;s clients and sent them emails to obtain more information about them for fraudulent purposes. <\/p>\n\n\n\n<p>These attacks are becoming more frequent.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Security breaches and COVID19?<\/strong><\/h2>\n\n\n\n<p>This year 2020 will be sadly remembered for COVID19; among many other consequences, is the fact that companies have often entrusted their continuity to \u201cnew\u201d digital providers and teleworking. <\/p>\n\n\n\n<p>Both cases, regardless of their advantages, can be a source of &#8220;new&#8221; security breaches.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New providers and tools<\/h3>\n\n\n\n<p>As said, given the impossibility to perform most of tasks in person, companies have implemented new tools to continue working: video calls, digital document signature systems, contracts, etc. <\/p>\n\n\n\n<p>These tools, for the most part, are managed by new suppliers for companies and if we put part of their production processes and the personal data that are handled in them &#8220;in their hands&#8221;, companies must be aware that breaches or incidents can happen.<\/p>\n\n\n\n<p>That is why it is very important to ensure the breach reporting policy between suppliers and their clients so that they, in turn, meet the requirements of the GDPR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Telework<\/h3>\n\n\n\n<p>The phenomenon of teleworking has experienced unprecedented growth in 2020. <\/p>\n\n\n\n<p>With its undeniable advantages, teleworking is not without new risks: access to personal data from workers&#8217; homes, with security measures not controlled by companies, is undoubtedly the greatest of them. <\/p>\n\n\n\n<p>Any incident that occurs in these circumstances must be known and controlled by the company and treated as if it had occurred in the company itself.<\/p>\n\n\n\n<p>Security breaches are one of the new challenges of the GDPR and how to manage them is undoubtedly a situation that companies must address efficiently and according to their structure and organisation.<\/p>\n\n\n\n<p>If you need to review or implement your internal security breach management protocol, <a href=\"https:\/\/www.rosello-mallol.com\/en\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">contact <\/a>us.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The management of security breaches is undoubtedly one of the most important new features of the GDPR. A year ago, we published a post where we explained what to do if they occurred in your company or startup, but the situation of this last year certainly requires an update of the content. What to do [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":13345,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"_joinchat":[],"footnotes":""},"categories":[246],"tags":[471,199],"class_list":["post-16032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-fees","tag-gdpr"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security breaches and the GDPR: what&#039;s new | Roseel\u00f3-Mallol<\/title>\n<meta name=\"description\" content=\"Security breaches has increased and incident management has changed a lot since this complicated year, and that requires a content update.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security breaches and the GDPR: what&#039;s new | Roseel\u00f3-Mallol\" \/>\n<meta property=\"og:description\" content=\"Security breaches has increased and incident management has changed a lot since this complicated year, and that requires a content update.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-23T11:53:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-11T09:52:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"530\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marketing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marketing\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security breaches and the GDPR: what's new | Roseel\u00f3-Mallol","description":"Security breaches has increased and incident management has changed a lot since this complicated year, and that requires a content update.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/","og_locale":"en_US","og_type":"article","og_title":"Security breaches and the GDPR: what's new | Roseel\u00f3-Mallol","og_description":"Security breaches has increased and incident management has changed a lot since this complicated year, and that requires a content update.","og_url":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2020-11-23T11:53:35+00:00","article_modified_time":"2021-03-11T09:52:22+00:00","og_image":[{"width":800,"height":530,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","type":"image\/jpeg"}],"author":"Marketing","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"Marketing","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/"},"author":{"name":"Marketing","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147"},"headline":"Security breaches and the GDPR: what&#8217;s new","datePublished":"2020-11-23T11:53:35+00:00","dateModified":"2021-03-11T09:52:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/"},"wordCount":721,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","keywords":["fees","GDPR"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/","url":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/","name":"Security breaches and the GDPR: what's new | Roseel\u00f3-Mallol","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","datePublished":"2020-11-23T11:53:35+00:00","dateModified":"2021-03-11T09:52:22+00:00","description":"Security breaches has increased and incident management has changed a lot since this complicated year, and that requires a content update.","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","width":800,"height":530,"caption":"Security breaches and GDPR: What's new"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/security-breaches-and-gdpr-whats-new\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"Security breaches and the GDPR: what&#8217;s new"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147","name":"Marketing","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c298f7002ea52eec3d8a408ed8ef4fdf?s=96&d=mm&r=g","caption":"Marketing"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/marketing\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/16032"}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=16032"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/16032\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/13345"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=16032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=16032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=16032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}