The European Union’s General Data Protection Regulation (GDPR) is less than six months away from becoming law. In our 12-part blog series exploring the impact of the GDPR legislation on employment screening programs in the EU, HireRight’s Associate General Counsel in EMEA, Caroline Smith, addresses key issues and concepts to get your employment screening program GDPR-Ready.
The GDPR introduces a duty on organizations to report certain data breaches to their supervisory authority (Article 33) and, in some cases, to individuals (Article 34). The GDPR now makes it mandatory for all data controllers to notify the supervisory authority unless a breach is unlikely to result in a risk to the rights and freedoms of individuals. Data processors also have an important role to play, and they must notify their controller of any breach.
This is the latest topic to be tackled by the Article 29 Working Party, who issued their guidelines on data breach notification for consultation. The consultation period will run for 6 weeks from 17 October 2017. Read the Article 29 Working Party guidelines.
In Step 6 of our GDPR blog series, we talked about why every prudent data processor should use Privacy Impact Assessments (PIA).
Now it’s time to continue the journey with Step 7 on the road to GDPR compliance:
“Once more unto the breach…” Why galvanizing your troops to deal with a data breach is a key part to compliance with the GDPR”
In Step 7, you will learn:
- What is a data breach?
- What types of breach require notification?
- Who has to notify and in what time period?
- How to rally the troops – can your data processor support your data breach notification efforts?
*Did you miss Step 6? Read it here.