Data breach

A data breach occurs when a Controller or Processor loses control over the integrity, safety and availability of Personal Data.

Integrity concerns whether the information is up to date and correct. Backup management is certainly an issue here. The ISO 27001 certification of ffiqs entails certification of the PNO HR and PNO IT/ICT departments.

Safety concerns issues such as storing, sending and receiving information. A good practice is to use FileCap to protect email attachments. Within PNO, client dossiers are stored on SharePoint, which is managed by IT Enschede, the Netherlands/the Service Desk.

Availability concerns access to information by staff/users/Data Subjects. The GDPR demands limited and controlled access to Personal Data. When the period of consent is over, availability must be zero.

A Data Breach must be relayed to the PNO Service Desk by e-mail (ServiceDesk@pnoconsultants.com) within 24 hours, with a copy to the DPO (use gdpr@pnoconsultants.com). PNO uses the DPA's form to register a Data Breach. This process must be finished within 72 hours after the breach is knowable. See https://datalekken.autoriteitpersoonsgegevens.nl/melding/aanmaken?1. When a device (phone, laptop, etc.) is stolen, an official police report must be handed in at the Service Desk.