Tag: Agencia Española de Protección de Datos

Spanish DPA publishes new tool for notifiability of data breaches

2. November 2022

A few days ago the Spanish Data Protection Authority launched a new tool called “Asesora Brecha” in order to simplify the notifiaibility of data breaches. This was deemed necessary due to the large number of reported data breaches in the country.

This tool helps data controllers as well as data protection officers to decide whether they should notify a personal data breach to the supervisory authority and how the breach itself can be avoided. Specifically, the functions include:

  • Who has to notify the supervisory authority
  • Which situations correspond to a data breach and which not
  • Which is the competent authority

The tool was described as free and easy to use. It was also added to the Decalogue of AEPD help resources in order to promote and facilitate compliance with the GDPR. In regard to the principle of storage limitation, the tool itself is GDPR compliant. Once the procedure is complete, all the provided data are automatically deleted.

However, the Spanish DPA clearly stated that the use of “Asesora Brecha” does not automatically imply that the obligations imposed by the GDPR are fulfilled. The responsible figure needs to fill out the relevant documentation and, if needed, report the data breach to the authorities.