Data breaches, cybersecurity professionals' biggest nightmares, can happen at any time. While big companies are able to employ specialists to guard against this, beginner eCommerce stores likely won't have the expertise to handle sophisticated threats without outside help. Either way, it's important to ensure GDPR compliance↗ when a data breach occurs. According to GDPR, a personal data breach occurs when accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed occurs. The biggest threat is when malicious actors breach security and steal personal data, which they then sell or use for other illegal activities.
What Is Considered "Personal Data" Under GDPR?
It's important to determine what GDPR considers to be personal data to remain compliant in a potential data breach. The following types of information relating to a natural person are considered personal data:
- Name
- Identification number
- Location data
- IP address
- Cookie identifiers Bulleted List The purposeful or accidental disclosure of any confidential information is regarded as a data breach by GDPR↗. This includes information relating to a person's physical, physiological, genetic, mental, economic, cultural, or social identity as well as contact information (including sharing email addresses↗). Be sure to read up on the difference between personal vs private data↗ too and how those relate to personally identifiable information (PII).
Conclusion
Any website or business that collects, stores, or processes information is responsible for maintaining compliance with GDPR. There can be severe penalties for non-compliance, so it's important to continually place your own business under review to avoid them.