Issues and offence

The subsequent resolution and possible reporting of the incident to the ÚOOÚ(Personal Data Protection Authority) or even to data subjects then depends on the nature and extent of the incident and the risks for the data subjects. This decision is up to the company’s management.

The ÚOOÚ is an office in the Czech Republic that supervises compliance with the obligations stipulated by law in the processing of personal data.

Personal data breaches The Regulation defines Article 4 (12) as breaches of security which lead to the accidental or unlawful destruction, loss or unauthorized disclosure of personal data transmitted, stored or otherwise processed. If such a case occurs, the administrator or processor must address it immediately.

Incident – is divided into 3 basic categories, or it can be a combination of them:

  1. Breach of confidentiality – unauthorized or accidental disclosure (disclosure, etc.) of personal data or unauthorized access to them
  2. Violation of availability – accidental or unauthorized (unplanned) loss or destruction of personal data
  3. Integrity breach – unwanted or unauthorized change of personal data