We see what happened when they were not present in the Yahoo! UK security incident of 2014. In that case, the ICO (the UK supervisory authority) fined Yahoo! UK 250,000 pounds for failing to reach an agreement with its US counterpart (among other breaches), in a situation in which the two organisations shared personal data and suffered a hack that compromised the personal data of their customers.

1. The nature of the breach of personal data, including, if possible, the categories and approximate number of people involved, as well as the approximate number of personal data involved

From an operational point of view, some solutions may be preferable to others. Again, and let's go back to point 1, the extent to which it is useful to argue for 24 hours depends on the context. If you share personal data with a lower risk of harm, you can accept a vague wording such as "without undue delay", because the risk of a negative scenario is very low anyway. In that case you can accept the additional risk that you and the processor take a different view of what counts as an undue delay. However, if a breach of the personal data is very likely to harm individuals, and therefore harm your business, you would insist on 24 hours or another fixed deadline to ensure that the notification reaches you quickly. This gives you more opportunity to react properly.

Some even point out that such agreements must contain certain conditions as an absolute minimum. As a general rule, it is not enough to have an NDA (non-disclosure agreement), confidentiality clauses or a few paragraphs dealing with data protection in an existing ALS or other contract.
As a general rule, you need a separate agreement with special clauses, which you may not yet be aware of, to comply with the law. There are very few DPA negotiations where the parties do not discuss the timing of notification of personal data breaches. The controller usually suggests 24 hours, and the processor wants to extend it or to include no time limit. Instead, the processor suggests using a term such as "immediately" or "without undue delay." Each option can meet the legal requirements of the GDPR.