This GDPR Model Breach Notification Policy describes rights and obligations under the GDPR “Regulation.” It is not intended as a comprehensive summary of the Regulation, but rather its intent is to provide you with information regarding your Personal Data and the free exercise of your rights therein. Further, we will provide you information at various access points, using various media, as is reasonable and appropriate.
A breach under GDPR means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed. This product provides definitions of “security incidents” (“Incident”) meaning the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an Information System. Organizations are required to track and review all Incidents to determine when Breach Notification is triggered, as well as to follow regulations when an Incident is classified as a Breach.
The GDPR is a monstrous regulation and they have done an excellent job of moving the ball down the field. GDPR is widely acknowledged as the first global privacy and security regulation and so we can expect some growing pains. Our intentions, as always, are to apply our agile methodology to get quick results fast, learning every step of the way.