The Personal Data Protection Authority, IMY, publishes now a report on notifications of personal data accidents received by the Authority during 2020. Errors caused by the human factor dominated and have caused more than half of reported accidents.
The General Data Protection Regulation, GDPR, asks companies, public authorities and other organization to notify some personal data accidents to IMY, ex Data Inspectorate. A similar obligation is mentioned in the Criminal Data Act for the police forces.
IMY publishes today a report which specifies personal data protection notification breaches received on the last year.
Little less than 4.600 accidents of personal data were reported in 2020, in diminishing compared to 4.800 notification that the authority received in 2019. The public sector has represented the highest quote of reported accident in 2020, in particular governmental agencies and courts, and the health sector. Notification of the health sector represent the largest increase of the number of accidents of personal data reported in 2020. IMY has received an increase of the 25% of notification from this sector on the last year compared to 2019.
As in 2019, the most common reason of reported accident is the human factor, which represent the more than half of the accident reported in 2020.
This underlines the importance of having safe technical and organizational measures and to constantly inform the staff on applicable procedures.
rapport-anmalda-personuppgiftsincidenter-2020