Scheme for Personal Data Breaches
This certification scheme was developed to assess compliance with the General Data Protection Regulation's requirements to implement a data breach management process and to respond promptly to a personal data breach.
Personal Data Breach Management
The General Data Protection Regulation (GDPR) introduced the requirement for a personal data breach to be notified to the competent national supervisory authority (or in the case of a cross-border breach, to the lead authority) and, in certain cases, to communicate the breach to the individuals whose personal data have been affected by the breach.
This certification scheme targets the personal data breach management process performed by data controllers and processors and includes all personal data breach management activities. It applies to controllers and processors whose processing operations are located in the Union, and to processors outside the Union that are engaged by controllers located in the Union, and covers:
- implementation of technical and organisational measures that can effectively limit the likelihood and severity of a personal data breach
- all personal data breach notification obligations and related measures, and
- introduction of additional security measures, or correction of failures or deficiencies in the security measures already implemented.