The Finnish supervisory authority (the “Ombudsman”) reminds controllers that IT system log data containing information related to the protection of personal data must be stored under the principle of accountability

Under the GDPR, the controller must document the facts surrounding the personal data breach, its consequences and the remedial measures taken. This documentation must allow the supervisory authority to verify whether the controller has complied with its obligations to notify the authority and the data subjects. The documentation obligation also includes information as to the time of the breach of personal data processed in the IT system. The Ombudsman also recalls that logs may be requested in order to investigate a breach notification.

source

LATEST POSTS

03.04.2024

Spanish Company Penalized for Inadequate Notification of Biometric Data to Employees

03.04.2024

Estonian supervisory authority makes recommendations on secure data processing

25.03.2024

Penalty for CaixaBank for breach of data protection legislation

25.03.2024

Greek ministry fined for data protection breach

13.02.2024

The Slovenian regulatory authority publishes new guidelines on the use of cookies