In May 2018, the Luxembourgish government published its National Cybersecurity Strategy III, defining priority goals and guidelines for 2018-2020. One of its objectives is to combat cybercrime and enhance crisis management solutions. Since data breaches are the main consequence of cybercrime, let’s take a closer look at what they are, how to address them and how to prepare.
(Featured Image: Laure Chemla, Intellectual Property Senior Associate at CMS / Image Credit © Anna Katina / Silicon Luxembourg)
1. What is a data breach?
If you fall victim to a cybercrime, you may face a data breach resulting from a security breach, which leads to the access, modification and/or destruction of personal data without authorization. Data breaches fall under three different categories: confidentiality, availability and integrity. There is a breach of confidentiality when there is unauthorized access to personal data, whereas availability refers to the loss or destruction of personal data. Finally, integrity refers to the unauthorized modification of personal data. Depending on the attack, you may face one or more types of breach.
2. How to address it?
If your company is facing a data breach, you have to determine whether the breach represents a high risk to the rights and freedoms of the individuals whose personal data you have collected. Once the risk has been detected, you will have to notify the CNPD (National Commission for Data Protection) through an online form within 72 hours. You will have to provide information on the nature of the breach, the start and end dates of the attack, your company’s contact person in charge of managing the incident, the likely consequences of the breach and, most importantly, the measures taken to address the breach. The CNPD will review your notification and may contact you to confirm its authenticity. In parallel, you may also have to inform the individuals potentially affected by the data breach.
3. How to get prepared?
As a data processor, you are responsible for setting up organizational and technical measures to protect the personal data you are holding and for notifying the CNPD in time.
Data breaches and data leaks can have huge consequences for your business. Opt for cybersecurity insurance that covers legal costs in cases of data protection and cyber liability.