Data Breach Detection and Notification
How EUM Detects and Responds to a Breach of Personal Data, and Notifies You Under the GDPR.
All our services and personnel follow internal incident management procedures to ensure that we take proper precautions to avoid data breaches in the first place. In addition, EUM and the Microsoft Azure cloud services have specific security controls in place across our platforms to detect data breaches in the rare event that they occur.
In the event of a breach, i.e. a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed, EUM will without undue delay but no later than in 24 hours after becoming aware of it notify the Data Controller in writing and additionally in any other reasonable and prompt manner (e.g. by phone or email).
In the event of a security breach, our team will promptly notify the customer of unauthorized access to their data.
Should your security team need additional logs for their investigation of an incident determined to affect your organization, our security team will coordinate responsibly to provide access as needed.
The Breach notification will contain at least the following:
- A description of the nature of the Breach, including the categories and approximate number of Data Subjects concerned, and the categories and approximate number of data records concerned.
- The name and contact details of the person responsible for EUM data protection matters.
- A description of likely consequences and/or realized consequences of the Breach.
- A description of the measures taken to address the Breach and to mitigate its possible adverse effects.
Where, and as far as, it is not possible to provide the information listed at the same time, the information may be provided in phases without undue further delay.
EUM takes all the necessary steps to protect the Data after having become aware of the Breach. After having notified the Customer in accordance with the above, EUM will, in consultation with the Customer, take appropriate measures to secure the data and limit any possible detrimental effect to the Data Subjects.
EUM will cooperate with the Customer, and with any third parties designated by the Customer, to respond to the Breach. The objective of the Breach response will be to restore the confidentiality, integrity, and availability of the Services, to establish root causes and remediation steps, to preserve evidence, and to mitigate any damage caused to Data Subjects or the Customer.