How to communicate a security incident to the holders?
The communication of security incidents to the ANPD must be carried out by the data protection officer or by a legally constituted representative of the controller by completing the form made available by the Authority and must be filed electronically.
Likewise, communication of an incident to data subjects should use the best communication channels available, be they email lists, SMS and WhatsApp, a disclaimer on the company's official website or even a press gambling data south korea release in advertising media in cases of large-scale incidents. The choice of communication channels to notify data subjects of a personal data security incident may depend on the type of company, the target audience and the circumstances of the incident.
In communication, the company must:
1. Identify the incident that occurred and make it clear that you acted as quickly as possible and took steps to contain it and minimize its impacts.
2. Include information about the type of data compromised and the impact of the incident.
3. Detail the measures the company is taking to remedy the situation.
Even after communications, the company must monitor the consequences of the incident and record all steps taken to remedy the situation. In addition, the company must produce a full report on the incident, including its causes, impacts and mitigation measures.
頁:
[1]