The Agencia Española de Protección de Datos (AEPD) have released a breach notification tool called “Assessor Brecha”. This tool aims to help those responsible for processing to decide whether the AEPD needs to be notified about a breach.
It’s reported the AEPD receives around 1,500 notification of data breaches every year. This shows just how many situations require the agency’s advice about the proper management of incidents. The tool aims to help data controllers decide whether they need to notify the AEPD of a personal data breach. The tool is free and easy to use, and the information put in is deleted after the process so the AEPD cannot know the information that has been provided.
Firstly, the tool will identify the nature of the breach. Options are given to assess the likely risk of the breach, how the breach came about, and how likely people’s rights and freedoms are to be at risk. It will also ask about the spread of the business to establish the wider implications. For example, is the business only based in Spain or do they also operate outside of Spain and do the implications of cross-border implications need to be considered.
Upon completing the information that the tool asks for a result will be given to advise on the best course of action. If it is likely that harm or damage could materialize for the affected individuals, then they will be guided to report the incident to the AEPD and what else they should do in such a case.
If at any time the circumstances of the breach changes then the risk must be re-evaluated.
A link to the tool can be found here.