How to report a provider data breach
- Who reports: Any employee of DOME's partners, or any data subject that might have been affected by a data breach in a processing activity that relates to the DOME project, who becomes aware of an incident must immediately report the incident. In addition, the identification of an incident may occur through sources internal or external to DOME.
- How and when to communicate : This communication will be done within the first 24 hours after the occurrence of the incident by sending an email to the Privacy Helpdesk to the mailbox privacy.helpdesk@dome-project.eu.
- What is communicated: It is essential that as much information as possible is provided in detail to the Privacy Helpdesk staff about what has happened. The communication should contain the following minimum information and answer the following questions:
- When: Day and time when the incident occurred and when it was recorded.
- Where: place where the incident occurs.
- What: description of what happened in the incident, description of the actual and potential consequences, equipment, systems and data categories affected, facts related to the incident. What kind of personal data was affected (e.g., health data, religion, sexual orientation, data of minors, fingerprints, images, voice or data on union membership).
- How much personal data may have been compromised?
- Who: companies involved, people involved.
- Any other information you consider relevant.
No Comments