Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Data security and breach notification

Security obligations

Are there specific security obligations that must be complied with?

Controllers must take appropriate technical and organisational security measures to protect personal data. When deciding on these measures, they should consider:

  • available techniques;
  • the cost of the measures;
  • whether there are any special risks concerning the processing; and
  • the sensitivity of the data.

Breach notification

Are data owners/processors required to notify individuals in the event of a breach?

At present, there is no such requirement. In the event of a breach after the EU General Data Protection Regulation enters into force on May 25 2018, controllers will be required to inform data subjects without unnecessary delay if the breach represents a high risk to their integrity.

Are data owners/processors required to notify the regulator in the event of a breach?

At present, there is no such requirement.

In the event of a breach after May 25 2018, controllers will be required to notify the Data Inspection Board without unnecessary delay and no later than 72 hours after becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to the integrity of the data subject.

Click here to view the full article.