Personal data security breach
A breach of personal data security encompasses any incident that compromises the confidentiality, availability or integrity of information. At HEKA we design strategies to implement a preventive and reactive approach, raising employee awareness and assessing legal, organizational and technical risks to ensure compliance with regulations and best practices.
The Organic Law on Personal Data Protection and its Regulations have established as an additional obligation, in cases of breaches, to notify the competent authorities and the owner of the personal data in cases where there is an imminent violation of the rights and freedoms of the latter.
Despite the lack of a Supervisory Authority, it is important to have an internal compliance platform so that the company can establish policies, procedures and controls that strengthen its data protection posture.
What Constitutes a Personal Data Security Breach?
- ๐๏ธ Destruction or impossibility of access to the data by the data controller.
- ๐ Data alteration or corruption.
- ๐คทโโ๏ธ Loss of control or access to the data
- ๐ซ Unauthorized or unlawful treatment
What to do in the event of a breach?
In the event of a security breach of personal data, the company must:
- ๐ Identify the origin, scope, systems breached, data and categories of data subjects affected.
- ๐ต๏ธ Activate compliance with policies to contain and mitigate associated risks
- ๐ป Conduct assessments of the impact of security breaches on the rights of the affected owners.
- ๐ต๏ธโโ๏ธ Analyze the risk involved for the company in economic, operational and reputational aspects.
- ๐ Notifying, under the terms of the LOPDP and its Regulations, the Data Protection Superintendence, ARCOTEL and the owner.
- ๐ Keep a record of incidents seeking resilience and continuous improvement.
We collaborate for the security of the owners and the company.
- ๐ก๏ธ We implement customized security measures: Each company is a world of its own. We help you to protect information according to maturity level
- Exclusive Collaboration: We work with the Company to build an integrated gap management system.
- ๐ Without Control Authority, But with Commitment: Despite the absence of an authority, we are committed to establishing standards and practices that ensure regulatory compliance and the protection of information assets.