{"id":13389,"date":"2019-11-27T15:16:14","date_gmt":"2019-11-27T14:16:14","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/incidencies-de-seguretat-que-fer\/"},"modified":"2023-03-30T09:49:01","modified_gmt":"2023-03-30T08:49:01","slug":"security-incidents-what-to-do","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/","title":{"rendered":"Security incidents: what to do?"},"content":{"rendered":"\n<p>Any business that, to a greater or lesser extent, has started or has thought about starting its digitisation process may become a victim of a <strong>cyber-attack.<\/strong> What to do in case of security incidents?<\/p>\n\n\n\n<p>Websites, apps, or e-commerce managed by businesses are almost always on third-party servers and, therefore, however small your business, if the target of the attack are the servers of major companies hosting the contents of their clients, then nobody is free from being a victim of an attack. <\/p>\n\n\n\n<p>These major companies often have measures to minimise the risks, but they are never 100% safeguarded. What happens, however, if the personal data of your clients, employees or the recipients of your newsletter is put at risk during the attack?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What does the data protection regulation have to say about security incidents? <\/strong><\/h2>\n\n\n\n<p>Until the GDPR came into force (May 2018), there was an obligation for the internal control and registering of any incident that might affect the security of personal data. The incident had to be identified, and steps taken to minimise or eliminate it before it could be formally closed. Since 2018, this formal obligation has included another two steps:<\/p>\n\n\n\n<ul>\n<li>Reporting the incident to the Data Protection Agency.<\/li>\n\n\n\n<li>Informing the people involved.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Information to the Data Protection Agency (AEPD)<\/h3>\n\n\n\n<p>The AEPD <a href=\"https:\/\/www.aepd.es\/sites\/default\/files\/2019-09\/guia-brechas-seguridad.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">has published<\/a> an extensive Guide on how to manage security incidents. This Guide and current regulations clearly establish the <strong>obligation to report any security incident to the AEPD<\/strong> within<strong> 72 hours<\/strong>.<\/p>\n\n\n\n<p>A channel\u00a0has also been set up to do so <strong>on line<\/strong>. The only exception to the notification is when you are able to prove that the incident is of no risk to the people involved.<\/p>\n\n\n\n<p>The examples given by the AEPD for no notification include when the personal data affected by the incident has already been published by another channel. Therefore, if this is not the case then notification will be mandatory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Information to the people involved<\/h3>\n\n\n\n<p>Where a high risk is determined for the people involved in the incident (e.g. password theft), they must also be <strong>notified in person<\/strong>, indicating the measures they can take to minimise the risks (e.g. immediate password change).<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"530\" src=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Incidencies-Seguridad-Brecha-Ataque-Informatico.jpg\" alt=\"Incidents Security Breach Cyber-Attack\" class=\"wp-image-13484\" srcset=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Incidencies-Seguridad-Brecha-Ataque-Informatico.jpg 800w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Incidencies-Seguridad-Brecha-Ataque-Informatico-300x199.jpg 300w, https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Incidencies-Seguridad-Brecha-Ataque-Informatico-768x509.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Recommendations regarding security incidents<\/h2>\n\n\n\n<p>Any company or self-employed individual could be involved in a security incident (who has never lost a USB drive?) and, therefore, certain minimums must be available to meet this obligation:<\/p>\n\n\n\n<ul>\n<li>Your personnel must know what an incident is and what to do if they recognise one, and must be provided with <strong>minimum information on the most common attack techniques<\/strong> (social engineering).<\/li>\n\n\n\n<li>Make sure you have the<strong> latest antivirus and anti-malware versions<\/strong>.<\/li>\n\n\n\n<li><strong>Update the software<\/strong> in the company regularly.<\/li>\n\n\n\n<li>Make sure your suppliers inform you if they become aware of an incident that affects the data on your business. <\/li>\n<\/ul>\n\n\n\n<p>In short, although small businesses are increasingly placing their business in the hands of others (or precisely because of this), this does not free them from being victims of attacks and, where this is the case, of the obligation of complying with the data protection regulation.<\/p>\n\n\n\n<p>If you have doubts about this or any other issue, don&#8217;t hesitate to contact us!<\/p>\n\n\n\n<div class=\"wp-block-contact-form-7-contact-form-selector\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f13645-o1\" lang=\"en-US\" dir=\"ltr\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/13389#wpcf7-f13645-o1\" method=\"post\" class=\"wpcf7-form init mailchimp-ext-0.5.72\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<div style=\"display: none;\">\n<input type=\"hidden\" name=\"_wpcf7\" value=\"13645\" \/>\n<input type=\"hidden\" name=\"_wpcf7_version\" value=\"5.9.3\" \/>\n<input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/>\n<input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f13645-o1\" \/>\n<input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/>\n<input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/div>\n<p><label> Name (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-name\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"your-name\" \/><\/span> <\/label>\n<\/p>\n<p><label> Email (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-email\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"your-email\" \/><\/span> <\/label>\n<\/p>\n<p><label> Contact phone (telephone contact) <span class=\"wpcf7-form-control-wrap\" data-name=\"telefon\"><input size=\"40\" class=\"wpcf7-form-control wpcf7-text uk-input\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"telefon\" \/><\/span> <\/label>\n<\/p>\n<p><label> Message <span class=\"wpcf7-form-control-wrap\" data-name=\"your-message\"><textarea cols=\"40\" rows=\"5\" class=\"wpcf7-form-control wpcf7-textarea uk-textarea\" aria-invalid=\"false\" name=\"your-message\"><\/textarea><\/span> <\/label>\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"aceptacion-RGPD\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"aceptacion-RGPD\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I read and accept the <a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\">Privacy Policy<\/a><\/span><\/label><\/span><\/span><\/span><br \/>\n<label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-360\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-360\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I agree to receive the newsletter.<\/span><\/label><\/span><\/span><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner uk-button uk-button-primary\" type=\"submit\" value=\"Send\" \/><\/label>\n<\/p><p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"_wpcf7_ak_\"><label>&#916;<textarea name=\"_wpcf7_ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"_wpcf7_ak_js\" value=\"178\"\/><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div><p style=\"display: none !important\"><span class=\"wpcf7-form-control-wrap referer-page\"><input type=\"hidden\" name=\"referer-page\" value=\"http:\/\/Direct%20Visit\" data-value=\"http:\/\/Direct%20Visit\" class=\"wpcf7-form-control wpcf7-text referer-page\" aria-invalid=\"false\"><\/span><\/p>\n<!-- Chimpmatic extension by Renzo Johnson -->\n<\/form>\n<\/div>\n<\/div>\n\n\n\n<h6 class=\"wp-block-heading\">Information on data protection<\/h6>\n\n\n\n<p><small><strong>Company name<\/strong><br>LEGAL IT GLOBAL 2017, SLP<br><\/small><small><strong>Purpose<br><\/strong><\/small><small>Providing the service.<br><\/small><small>Sending the newsletter.<br><\/small><small><strong>Legal basis<br><\/strong>Compliance with the service provision.<br>Consent.<br><\/small><small><strong>Recipients<\/strong><br>Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.<\/small><br><small><strong>Rights<\/strong><br>You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.<\/small><br><small><strong>Further information<\/strong><br>See the&nbsp;<a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Privacy Policy<\/a>.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Any business that, to a greater or lesser extent, has started or has thought about starting its digitisation process may become a victim of a cyber-attack. What to do in case of security incidents? Websites, apps, or e-commerce managed by businesses are almost always on third-party servers and, therefore, however small your business, if the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":13390,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[246],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Security incidents: what to do? - Rosell\u00f3 Mallol Lawyers<\/title>\n<meta name=\"description\" content=\"Any business during its digitalisation process could be a victim of a cyber-attack. What to do in the event of a security incidents?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security incidents: what to do? - Rosell\u00f3 Mallol Lawyers\" \/>\n<meta property=\"og:description\" content=\"Any business during its digitalisation process could be a victim of a cyber-attack. What to do in the event of a security incidents?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-27T14:16:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-30T08:49:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"530\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"V\u00edctor Rosello Mallol\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"V\u00edctor Rosello Mallol\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security incidents: what to do? - Rosell\u00f3 Mallol Lawyers","description":"Any business during its digitalisation process could be a victim of a cyber-attack. What to do in the event of a security incidents?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/","og_locale":"en_US","og_type":"article","og_title":"Security incidents: what to do? - Rosell\u00f3 Mallol Lawyers","og_description":"Any business during its digitalisation process could be a victim of a cyber-attack. What to do in the event of a security incidents?","og_url":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2019-11-27T14:16:14+00:00","article_modified_time":"2023-03-30T08:49:01+00:00","og_image":[{"width":800,"height":530,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","type":"image\/jpeg"}],"author":"V\u00edctor Rosello Mallol","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"V\u00edctor Rosello Mallol","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/"},"author":{"name":"V\u00edctor Rosello Mallol","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/7fa3cf4f56820cf83675a0e692ca85d6"},"headline":"Security incidents: what to do?","datePublished":"2019-11-27T14:16:14+00:00","dateModified":"2023-03-30T08:49:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/"},"wordCount":606,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/","url":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/","name":"Security incidents: what to do? - Rosell\u00f3 Mallol Lawyers","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","datePublished":"2019-11-27T14:16:14+00:00","dateModified":"2023-03-30T08:49:01+00:00","description":"Any business during its digitalisation process could be a victim of a cyber-attack. What to do in the event of a security incidents?","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","width":800,"height":530,"caption":"Incidents-Breaches-Security-GDPR"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/security-incidents-what-to-do\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"Security incidents: what to do?"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/7fa3cf4f56820cf83675a0e692ca85d6","name":"V\u00edctor Rosello Mallol","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f65b00c9a2ab2d9f0c2b6ecb05ef35cd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f65b00c9a2ab2d9f0c2b6ecb05ef35cd?s=96&d=mm&r=g","caption":"V\u00edctor Rosello Mallol"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/victor-rosello\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/Brechas-seguridad-Incidencies-RGDP.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/13389"}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=13389"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/13389\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/13390"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=13389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=13389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=13389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}