GenomicDataInfrastructure / standard-operating-procedures

A repository for managing standard operating procedure (SOP) resources for the GDI project.
GNU Affero General Public License v3.0

[SOP Request] Reporting a Data Breach #18

Open M-casado opened 2 months ago

M-casado commented 2 months ago

SOP topics

Data protection & security

SOP type

European-level

SOP Title

Reporting a Data Breach

Detailed Description

  1. Immediate Internal Reporting:

    • Protocols for internal reporting within a GDI node as soon as a data breach is detected.
    • Designation of responsible personnel for initial breach reporting.
  2. Notification to European-level Authorities:

    • Detailed steps on how to notify relevant European-level authorities, including the European Data Protection Supervisor (EDPS) and other regulatory bodies, within the required timeframe (typically within 72 hours of becoming aware of the breach).
    • Information that must be included in the notification, such as:
      • Nature of the data breach.
      • Categories and approximate number of affected individuals and data records.
      • Likely consequences of the breach.
      • Measures taken or proposed to address the breach and mitigate its effects.
  3. Communication with Affected Parties:

    • Guidelines for communicating with affected individuals when the data breach is likely to result in a high risk to their rights and freedoms.
    • Templates and standardized messages for breach notifications.
  4. Coordination and Collaboration:

    • Procedures for coordinating with other GDI nodes and relevant stakeholders during the reporting process.
    • Guidelines for collaborative efforts in investigation and mitigation across different nodes.
  5. Documentation and Record-Keeping:

    • Requirements for documenting all breach reports, notifications, and communications.
    • Record-keeping standards to ensure compliance with legal and regulatory requirements.
  6. Follow-up and Monitoring:

    • Procedures for follow-up actions after the initial reporting, including updates to regulatory bodies and affected individuals.
    • Monitoring and review of the breach handling process to improve future responses.
  7. Training and Awareness:

    • Training requirements for staff to ensure they are familiar with the SOP and can effectively execute reporting procedures.
    • Regular awareness programs to keep staff updated on reporting protocols and any changes in regulatory requirements.

Motivation

There is currently a need for a standardized procedure for reporting data breaches at a European level within the GDI network. Without such a procedure, there is a risk of non-compliance with regulatory requirements, inconsistent communication with authorities and affected individuals, and ineffective breach management. This SOP will ensure that all GDI nodes report breaches in a timely and compliant manner, protecting the rights and interests of individuals and maintaining trust in the GDI network.

Existing Procedures or References

Impact

This SOP will ensure that data breach reporting is consistent and compliant with European regulations across all GDI nodes. It will enhance the overall security and trustworthiness of the GDI network by ensuring timely and effective communication with regulatory bodies and affected individuals. All GDI nodes and stakeholders will benefit from clear and standardized reporting procedures, reducing the risk of regulatory penalties and reputational damage.

Stakeholders

Additional Information

Consider outlining specific examples of data breach scenarios and how the SOP should be applied in those cases. Include contact information for European-level authorities and any relevant templates for breach notifications.

Requester GDI role

Yes

Requester GDI Node

EMBL-EBI

Confirmation