The Federal Data Protection and Information Commissioner (FDPIC) has published a new guide to help organisations understand when and how to report data breaches.
When a security breach exposes, alters, or discloses personal data, organisations must assess the level of risk. If the breach poses a high risk, they are required to report it to the FDPIC and, in some cases, inform affected individuals under the Data Protection Act.
The new guide answers key questions, including:
- When is reporting mandatory or optional?
- How should the seriousness of a breach be assessed?
- What details must be included in a notification?
- Who should be informed?
The guide is available online in multiple languages, including French. This follows the FDPIC’s 2024 release of a similar guide for IT managers, aimed at strengthening data protection practices.
For more details, visit the FDPIC’s official website, or download the guide here.