15 Avril 2021
Notify a personal data breach
The General Data Protection Regulation (RGPD) requires data controllers to document, easyjet data breach, internally, personal data violations and to notify violations posing a risk to the rights and freedoms of individuals to the CNIL and, in certain cases, when the risk is high, to the people concerned.
What is a personal data breach?
For there to be a violation, 2 conditions must be met:
What to do in the event of a violation?
In all cases, you must internally document the incident by determining:
The summary document of your notification to the CNIL makes it possible to meet the obligation of internal documentation.
If the incident constitutes a risk with regard to the privacy of the persons concerned, you must notify the incident CNIL.
In case of high risk, you should also notify the affected persons.
If in doubt, notify the CNIL who will tell you if it is necessary to inform people.
The national platform for assistance to victims of cybermalveillance acts, you will find:
If the notified violation follows a cyber attack, it is advisable to file a complaint with the nearest police station or gendarmerie and have all the technical evidence in your possession available to investigators.
Examples of recommendations: changing the password of the users of a service, how to access the dark web safely, checking the integrity of the data in their online account, saving this data on a personal medium.