Reading time: 2 minutes
Summary
This module is about data breaches, a collective term for all situations in which personal data is accessed, destroyed, modified or released without this being intended or legally permitted. Data breaches come in all shapes and sizes. Examples range from accidentally putting your colleagues’ email addresses in CC on an email to an external supplier, or leaving a reorganisation plan containing your colleagues’ names behind on the printer, to the classic case of losing a USB stick holding all kinds of personal data from the organisation.
If you work with personal data, then you must always ask yourself several questions. For what purpose am I actually collecting personal data and am I in fact permitted to collect it (in other words, do I have a basis for doing so)? And if I do collect personal data, which data do I need at minimum in order to fulfil my purpose? Do the data subjects know that I am collecting their personal data and for what purpose I am doing that? These questions are discussed in further detail on the page 'What are the risks and how can I reduce them?'.
When sharing personal data with others, there are also several basic principles you must apply. Which type of document contains the personal data, and does the classification of the information in that document allow you to share it with others? What authorisation do you yourself have in the organisation, and do the people with whom you will share the data have the same access levels (‘authorisation’) with respect to this data? Especially when working in cloud-based applications, you must make sure that the way in which you share files and folders is in keeping with the access level of the people with whom you are sharing them.
Working securely with personal data needs to be second nature. In addition to general digital hygiene as discussed previously in this course, this also involves the awareness that you must never lend business equipment to anyone, not even when at home. It also concerns social aspects such as hierarchical relationships: can the person from whom you are requesting access to their personal data decide whether or not to give their consent of their own free will? And can that person withdraw their consent later without feeling pressured?
As you can see, the handling of personal data is an interesting and wide-ranging subject. In this chapter you will learn how you can guarantee you are handling personal data as securely as possible and thus how you can minimise the risk of a data breach occurring. And if things do go wrong, respond immediately and report the data breach right away to [add contact details]. They will then determine what action can subsequently be taken. You may not and must not decide that yourself.
As usual, we begin the module with a short quiz so you can find out what you already know about the various subjects.
Good luck with the fourth module!