Difference between revisions of "Data Breaches"
(Created page with " == Introduction to Data Breaches == ''Data breaches'' provide the mean for data subjects to exercise their right to access information about the processing of their ''person...") |
(→Privileges) |
||
| (13 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Introduction to Data Breaches == | == Introduction to Data Breaches == | ||
| − | + | Data breaches workflow provide the mean to manage the lifecycle of ''data breaches''. This means recording and updating the information related to the ''data breach'', supporting the tasks needed for remediation and the needed communication. | |
| − | '' | ||
| − | |||
| − | |||
== Workflow == | == Workflow == | ||
| − | A new '' | + | A new ''data breach'' can be created using the '''Add New''' functionality and choosing "New Data Breach". |
| − | A workflow enables to move '' | + | A workflow enables to move ''data breaches" in several statuses as shown in the following picture. |
| − | [[File: | + | [[File:Data_Breaches_Workflow_ENG_v1.0.JPG|centre|thumb|800x800px|Data Breaches workflow and statuses.]] |
| Line 19: | Line 16: | ||
! Status !! Description | ! Status !! Description | ||
|- | |- | ||
| − | |Default || A temporary status when the '' | + | |Default || A temporary status when the ''data breach'' is initially created before the first save. |
| + | |- | ||
| + | |Opened || A ''data breach'' in this status is raised for analysis. | ||
|- | |- | ||
| − | | | + | |Analysed || In this status, the analysis of a ''data breach'' is completed. The ''data breach'' is therefore to be cancelled or to be actioned (taken in charge). |
|- | |- | ||
| − | | | + | |In charge || In this status, the ''data breach'' has been taken in charge and it is being actioned. |
|- | |- | ||
| − | | | + | |Notified || In this status, the ''data breach'' has been notified to the interested parties. |
|- | |- | ||
| − | | | + | |Resolved || In this status, all activities related to the ''data breach'' are completed and closure is expected after confirmation of remediation. |
|- | |- | ||
| − | | | + | |Suspended || Activities concerning the ''data breach'' are temporarily suspended. |
|- | |- | ||
| − | | | + | |Closed || In this status, all activities related to the ''data breach'' are performed and remediation / communications are completed. This is an end of life status, meaning no further status transitions are allowed. |
|- | |- | ||
| − | | | + | |Cancelled || ''Data breach'' cancelled. This is an end of life status. |
|- | |- | ||
|} | |} | ||
== Information == | == Information == | ||
| − | '' | + | ''Data breach'' records are organized in seven sections: |
| − | * <u>''Identification''</u>, where identification data of the '' | + | * <u>''Identification''</u>, where identification data of the ''data breach'' are recorded, |
| − | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the '' | + | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the ''data breach''; |
| − | * <u>'' | + | * <u>''Investigator''</u>, with the details of the resource in charge of investigating the ''data breach''; |
| − | * <u>''Data | + | * <u>''Data Breach Details''</u>, with the details of the ''data breach''; |
| − | * <u>''Data | + | * <u>''Data Breach Impact''</u>, containing information about the ''data breach'' impact; |
| + | * <u>''Data Breach Notification''</u>, containing information about the notification of the ''data breach''; | ||
| + | * <u>''Remediation Actions''</u>, containing information about the remediation actions for the ''data breach''. | ||
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | ||
| Line 51: | Line 52: | ||
== Privileges == | == Privileges == | ||
| − | '' | + | ''Data breaches'' can be created by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege). |
| − | The lifecycle of the '' | + | The lifecycle of the ''dta breach'' is managed by the roles described in the table below. ''Groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups''). |
{| class="wikitable" | {| class="wikitable" | ||
| Line 67: | Line 68: | ||
|<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | |<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | ||
|- | |- | ||
| − | |<u> | + | |<u>Investigation Team</u> || Members of this ''group'' have several privileges. They can manage the entire lifecycle, being enabled to: |
* transition records to any compatible status, | * transition records to any compatible status, | ||
* update fields when possible. | * update fields when possible. | ||
|- | |- | ||
| − | |<u> | + | |<u>Auditors Team</u> || Members of the ''group'' assigned to this role have view (read) privileges. |
|- | |- | ||
|<u>Owner</u> || This role can be assigned to a single user among members of the ''groups'' previously described. The <u>Owner</u> has several privileges: | |<u>Owner</u> || This role can be assigned to a single user among members of the ''groups'' previously described. The <u>Owner</u> has several privileges: | ||
| Line 82: | Line 83: | ||
== Reports == | == Reports == | ||
| − | The list of '' | + | The list of ''data breaches'' can be filtered and exported to excel format from the ''view'' '''''Data Breaches'''''. |
== Related processes == | == Related processes == | ||
| − | '' | + | ''Data breaches'' can be related to ''risks'', ''actions'' and ''issues / non conformities''. |
Latest revision as of 10:31, 10 October 2018
Contents
Introduction to Data Breaches
Data breaches workflow provide the mean to manage the lifecycle of data breaches. This means recording and updating the information related to the data breach, supporting the tasks needed for remediation and the needed communication.
Workflow
A new data breach can be created using the Add New functionality and choosing "New Data Breach".
A workflow enables to move data breaches" in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the data breach is initially created before the first save. |
| Opened | A data breach in this status is raised for analysis. |
| Analysed | In this status, the analysis of a data breach is completed. The data breach is therefore to be cancelled or to be actioned (taken in charge). |
| In charge | In this status, the data breach has been taken in charge and it is being actioned. |
| Notified | In this status, the data breach has been notified to the interested parties. |
| Resolved | In this status, all activities related to the data breach are completed and closure is expected after confirmation of remediation. |
| Suspended | Activities concerning the data breach are temporarily suspended. |
| Closed | In this status, all activities related to the data breach are performed and remediation / communications are completed. This is an end of life status, meaning no further status transitions are allowed. |
| Cancelled | Data breach cancelled. This is an end of life status. |
Information
Data breach records are organized in seven sections:
- Identification, where identification data of the data breach are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the data breach;
- Investigator, with the details of the resource in charge of investigating the data breach;
- Data Breach Details, with the details of the data breach;
- Data Breach Impact, containing information about the data breach impact;
- Data Breach Notification, containing information about the notification of the data breach;
- Remediation Actions, containing information about the remediation actions for the data breach.
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
Data breaches can be created by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the dta breach is managed by the roles described in the table below. Groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have view (read) privileges. |
| Investigation Team | Members of this group have several privileges. They can manage the entire lifecycle, being enabled to:
|
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
| Owner | This role can be assigned to a single user among members of the groups previously described. The Owner has several privileges:
|
Warning and alerts
TBC
Reports
The list of data breaches can be filtered and exported to excel format from the view Data Breaches.
Related processes
Data breaches can be related to risks, actions and issues / non conformities.
