{"id":10052,"date":"2021-11-10T13:12:18","date_gmt":"2021-11-10T11:12:18","guid":{"rendered":"https:\/\/ticsalutsocial.atoom.space\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/"},"modified":"2021-11-25T15:22:42","modified_gmt":"2021-11-25T13:22:42","slug":"com-notificar-les-violacions-de-seguretat-pas-a-pas","status":"publish","type":"noticia","link":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/","title":{"rendered":"Step-by-step guide to reporting security breaches"},"content":{"rendered":"\n<p>The GDPR defines a <strong>security breach<\/strong> as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.<\/p>\n\n\n\n<p>The data controller of a Health entity must report data security breaches to the supervisory authority when they pose a risk to the rights and freedoms of individuals. And in cases of high risk, also to those affected. This obligation is extended to all those entities that carry out any processing of personal data.<\/p>\n\n\n\n<p>When the entity is faced with a security incident such as improper access, <em>sniffing<\/em>, <em>malware<\/em> or compromised credentials, among others, it will have to assess whether the personal data of data subjects has been affected and proceed accordingly.<\/p>\n\n\n\n<p>From the moment it is established that the breach affects the rights and freedoms of individuals, the designated person will contact the Data Protection Officer. The latter<\/p>\n\n\n\n<p>will advise the Data Centre or person designated by the entity and the Data Protection and Security Committee; monitor compliance with data protection regulations; and will act as a point of contact with the Authority, as will have to be indicated on a notification form.<\/p>\n\n\n\n<p><strong>What types of security breaches are there?<\/strong><\/p>\n\n\n\n<p><strong>Confidentiality breach<\/strong><\/p>\n\n\n\n<p>When unauthorized or unlawful parties access personal data.<\/p>\n\n\n\n<p>The severity of the loss of confidentiality must be analysed in conjunction with the scope of its disclosure, that is, the potential number and type of parties who may have accessed the information.<\/p>\n\n\n\n<p><strong>Integrity breach<\/strong><\/p>\n\n\n\n<p>When the original information is altered and data is replaced to the detriment of the individual.<\/p>\n\n\n\n<p><strong>Availability breach<\/strong><\/p>\n\n\n\n<p>When the original data cannot be accessed at the moment it is needed. This breach can be temporary (recoverable data) or permanent (non-recoverable data).<\/p>\n\n\n\n<p>In the case of cross-border processing, security breaches may affect personal data in more than one Member State. In these cases, the corresponding supervisory authority will be competent to carry out the functions assigned to it and to exercise the powers conferred on it by the regulations in the territory of its Member State.<\/p>\n\n\n\n<p>Where the processing is carried out by public authorities in accordance with Article 6 (1) (c) or (e), the competent supervisory authority will be that of the Member State concerned.<\/p>\n\n\n\n<p><strong>Security breaches in the field of research<\/strong><\/p>\n\n\n\n<p>In the field of health data research, there are two elements that add complexity to the management of security breach notifications:<\/p>\n\n\n\n<p><strong>Regulatory complexity in the field of research<\/strong><\/p>\n\n\n\n<p>Depending on the type of project, we must adhere to the specific regulations that govern that specific project. Each rule establishes a series of specific and unique obligations in relation to the processing of the data used in the research project, regarding for example the data retention period or transfers third parties.<\/p>\n\n\n\n<p><strong>Complexity in determining who the data controller is<\/strong><\/p>\n\n\n\n<p>There are several actors that process data (the hospital, sponsor, foundation that manages research, monitor, etc.)&nbsp; and it is necessary to establish the relationships between them (data controller, joint controllers, data processor) to determine who will assess and report the security breach.<\/p>\n\n\n\n<p>For more information, please contact the Office of the Data Protection Officer at dpdicsalutsocial.cat or check the website www.dpdsalut.cat<\/p>\n\n\n\n<p><\/p>\n","protected":false},"author":3,"featured_media":9904,"menu_order":0,"template":"","meta":{"_acf_changed":false,"inline_featured_image":false},"etiqueta":[],"tipus":[107],"topic":[120],"class_list":["post-10052","noticia","type-noticia","status-publish","has-post-thumbnail","hentry","tipus-dpd-health","topic-dpo"],"acf":{"autor":"Oficina DPD","imatge":false,"textos_destacats":false,"documents":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social\" \/>\n<meta property=\"og:description\" content=\"The GDPR defines a security breach as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The data controller of a Health entity must report data security breaches to the supervisory authority when they pose a risk to [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/\" \/>\n<meta property=\"og:site_name\" content=\"Fundaci\u00f3 TIC Salut i Social\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-25T13:22:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1924\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/\",\"url\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/\",\"name\":\"Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social\",\"isPartOf\":{\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg\",\"datePublished\":\"2021-11-10T11:12:18+00:00\",\"dateModified\":\"2021-11-25T13:22:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage\",\"url\":\"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg\",\"contentUrl\":\"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg\",\"width\":2560,\"height\":1924},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Inici\",\"item\":\"https:\/\/ticsalutsocial.atoom.space\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Step-by-step guide to reporting security breaches\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ticsalutsocial.atoom.space\/en\/#website\",\"url\":\"https:\/\/ticsalutsocial.atoom.space\/en\/\",\"name\":\"Fundaci\u00f3 TIC Salut i Social\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ticsalutsocial.atoom.space\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/","og_locale":"en_US","og_type":"article","og_title":"Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social","og_description":"The GDPR defines a security breach as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The data controller of a Health entity must report data security breaches to the supervisory authority when they pose a risk to [&hellip;]","og_url":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/","og_site_name":"Fundaci\u00f3 TIC Salut i Social","article_modified_time":"2021-11-25T13:22:42+00:00","og_image":[{"width":2560,"height":1924,"url":"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/","url":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/","name":"Step-by-step guide to reporting security breaches - Fundaci\u00f3 TIC Salut i Social","isPartOf":{"@id":"https:\/\/ticsalutsocial.atoom.space\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage"},"image":{"@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage"},"thumbnailUrl":"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg","datePublished":"2021-11-10T11:12:18+00:00","dateModified":"2021-11-25T13:22:42+00:00","breadcrumb":{"@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#primaryimage","url":"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg","contentUrl":"https:\/\/ticsalutsocial.atoom.space\/wp-content\/uploads\/2021\/11\/michael-dziedzic-0W4XLGITrHg-unsplash-scaled.jpg","width":2560,"height":1924},{"@type":"BreadcrumbList","@id":"https:\/\/ticsalutsocial.atoom.space\/en\/noticia\/com-notificar-les-violacions-de-seguretat-pas-a-pas\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/ticsalutsocial.atoom.space\/en\/"},{"@type":"ListItem","position":2,"name":"Step-by-step guide to reporting security breaches"}]},{"@type":"WebSite","@id":"https:\/\/ticsalutsocial.atoom.space\/en\/#website","url":"https:\/\/ticsalutsocial.atoom.space\/en\/","name":"Fundaci\u00f3 TIC Salut i Social","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ticsalutsocial.atoom.space\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/noticia\/10052","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/noticia"}],"about":[{"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/types\/noticia"}],"author":[{"embeddable":true,"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/users\/3"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/media\/9904"}],"wp:attachment":[{"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/media?parent=10052"}],"wp:term":[{"taxonomy":"etiqueta","embeddable":true,"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/etiqueta?post=10052"},{"taxonomy":"tipus","embeddable":true,"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/tipus?post=10052"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/ticsalutsocial.atoom.space\/en\/wp-json\/wp\/v2\/topic?post=10052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}