4.3 What should I do if there is a data breach (eg loss of data, etc.)?

A data breach is a security incident that affects the confidentiality, integrity or availability of personal data. Possible incidents that can lead to a data breach are:

• Access to personal data by an unauthorized third party;
• intentional or unintentional action that affects the security of personal data;
• sending personal data to an incorrect recipient;
• computer equipment with personal data that is lost or stolen;
• changing personal data without permission;

The GDPR obliges institutions to report serious data breaches to the DPA within 72 hours after the data breach has been acknowledged, unless it is unlikely that the personal data breach would pose a risk to the rights and freedoms of natural persons. It is therefore important that researchers always report a (suspected) breach of data as quickly as possible.

The exact procedure will differ per institution, but reporting the leak to the DPO will always be part of the procedure.

A form is provided within the University of Antwerp for reporting data breaches on this link https://forms.uantwerpen.be/nl/formulieren/personeel/data-protection/datalekken/

In the meantime, report this to  privacy@uantwerpen.be