Is it true that confidentiality breach is only one of other possible violations to principles that must be considered in the impact analysis?

Convegno #Ready4EUDataP asked 6 years ago
1 Answer
Mariangela Fagnani Staff answered 6 years ago

In the impact analysis process, a confidentiality breach is only one of the possible violations. In fact, in line with the “holistic security approach”, information security violations concern the confidentiality, the integrity and the availability of the information.
In addition, GDPR Article 4 – “Definitions”, paragraph 12, reads: “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

For the above reasons it follows that the impact analysis, with the consequent risk assessment, should consider all the security dimensions and not be limited only to confidentiality. This approach is explicitly expressed in GDPR: “(omitted) … Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and the costs of implementation in relation to the risks and the nature of the personal data to be protected. In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage”.