Data breach management policy

Below you can consult the "Policy for the management of security incidents in relation to personal data (Data Breaches) at Ca' Foscari University of Venice", approved by Decree of the General Director No. 743/2018, protocol No. 58094 of October 22, 2018.

The document regulates in detail data processes relating to the management of security incidents with particular reference to cases of Personal Data Breach - security breaches that could lead to the loss, destruction or misuse of personal data - including notification to the The competent monitoring Authority, so that it can assess the seriousness of the situation and establish measures to be imposed on the Data Controller, and, in the event of a high risk for the rights and freedoms of users, communication to data subjects, as prescribed by articles 33 and 34 of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 respectively "concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data, which abrogates Directive 95/46 / EC (General Data Protection Regulation) ". Indeed, it is clear that a serious situation would be created by any such violation of personal data, with consequent physical, material, reputational, social and economic damages for data subjects.

More precisely, after a brief introduction addressing the objectives set out, a series of definitions and the specification of the scope of application and types of Personal Data Breach, the University Policy describes the established procedure for the protection of data security, which goes from the detection of the security incident and the assessment of damages caused, through the use of a specific model, to the decision to notify the Guarantor and to send a communication to the data subjects to contain and resolve it, with the obligation to register the incident in the so-called Personal Data Breach Register. The document, finally, illustrates the responsibilities deriving from the violation of the procedure described and gives examples of Personal Data Breaches with the consequent need (or otherwise) to notify the Guarantor and send a communication to the data subjects.

file pdfData breach management policy
Publication date: 25/10/2018

Last update: 19/07/2019