10-SECURITY (art.32- SECURITY OF PROCESSING (for controller and processor,…
10-SECURITY
art.5(1)f - INTEGRITY AND CONFIDENTIALITY
tech and organisational measures
to prevent unauthorized/unlawful processing, loss/destruction/damage
for processor and controller
art.32- SECURITY OF PROCESSING
for controller and processor
risk based approach
relevance of consensus of professional opinion
art.32(4)- confidentiality duty of employees
art.28- PROCESSOR SECURITY DUTIES
art.28 flows down security duties into processors/subprocessors
duty to collaborate with controller to reduce security risks, e.g. data breach notification, audits
DATA BREACHES NOTIFICATION
art.4(12)-breach: actual
accidental/unlawful destruction/loss/alteration/unauthorized disclosure
art.33-NOTIFYING DPA
as soon as controller becomes aware of the breach (72h)
after assessment of the risk thereof to rights and freedoms of individuals
processor shall notify breaches to controller with no undue delay
art.34-NOTIFYING DS
if breach presents high risks to the rights and freedoms of individuals
EXCEPTIONS
measures in place to render the data unintelligible
steps in place to prevent high risk
notification would entail disproportionate effort