Incidents that may cause a breach of personal data according to the AEPD and how to avoid them

Blog

News on cybersecurity, data protection and software solutions.

Incidents that may cause a breach of personal data according to the AEPD and how to avoid them

19 Jul, 21

Recently, the AEPD has published an update of its Guide for the notification of personal data breaches , a useful document so that those responsible for processing personal data know when to report a breach to the supervisory authority, in what term, or who and what content should include that notification.

In addition to publishing the new guide, the AEPD makes a assessment of the current situation in terms of personal data breaches, of which we highlight this fragment:

“The Agency has managed more than 700 data breaches reported in the first five months of 2021. Most of them have been caused by an external and intentional attack, ransomware being the most frequent threat, compromising not only availability but also confidentiality of personal data “.

If you do not apply these cybersecurity measures in your company, you are in breach of the LOPD and RGPD

We insist on the importance of implement preventive security measures as the only effective way to protect the personal data that your company guards against cyberattacks, abuse of internal privileges or human errors.

We recall that the LOPD requires the implementation of following cybersecurity measures for correct compliance:

  • Register and control the accesses made to files and programs that contain personal data. To do this, you need a registration and access control software such as ET Seguridad.
  • Limit the resources of the computer equipment to which users have access only to those they need for the development of their work functions (also possible with ET Security ).
  • Encrypt or password protect files, programs and removable devices that contain personal data, something possible with ET Encrypt , included free of charge with ET Seguridad.
  • Last but not least, you need to make physical and online backups of all the data on your business network. Cloud copies should be stored encrypted and duplicated elsewhere, as we offer with ET Backup . This is the only truly effective weapon against ransomware attacks, as they are becoming increasingly aggressive and difficult to block.

Avoid most personal data breaches with ET Seguridad

The AEPD includes in its new guide the incidents that can cause a security breach . In this table we detail which are the most common and how to prevent them:

Guiding incident

How does ET Seguridad solve it?

Unauthorized modification or deletion of personal data
  • Configure user profiles to limit access and functions of the computer equipment.
  • In the event of an incident, the activity log will determine who and when deleted or modified the data.
Abuse of access privileges to extract, forward or copy personal data
  • Configure user profiles to limit access and functions of the computer equipment.
  • Control access to certain files with username and password.
  • In the event of an incident, the activity log will record who, when and what actions performed on the IT equipment.
Personal data sent by mistake electronically
  • Use the ET Encrypt tool to encrypt any document with personal data that you are going to send over the internet. Thus, in case of human error, you will prevent them from reading the content.
Lost or stolen device
  • Use the ET Encrypt tool to preventively encrypt your removable USB devices. Thus, in case of loss or theft, you will prevent them from accessing its content.
Cyber incident: unauthorized access to personal data
  • Configure user profiles to prevent unauthorized access to confidential information.
  • Control access to documents containing personal data with username and password, or store them always encrypted.
N

Remember that, if you always predict documents containing personal data, it will not be necessary to notify the AEPD in the event of a cyber-incident or human error.

The reason for this is that, in the event that a file falls into the hands of an unauthorized third party, if it was previously encrypted, it will not be possible to access its content unless you know the password. Therefore, confidential information will remain intact, thus avoiding a personal data breach.

The preventive encryption of sensitive information, whether it is the one you store on your computer or the one you send over the internet, is a very simple habit once it has been acquired and is very beneficial for business activity, since it protects you, not only from external attacks, but from inadvertent human errors.

Get ET Security at a special price

Request your personalized offer and start applying all these digital security measures. Get complete LOPD security.

0 Comments

Submit a Comment

Your email address will not be published.

Related posts