In the event of a data breach, defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed, Eucera will take the following steps to ensure transparency, compliance, and mitigation of risks:
Notification to the Data Controller #
Upon becoming aware of a breach, Eucera will, without undue delay and no later than 24 hours, notify the Data Controller in writing and by any additional reasonable and prompt means (e.g., email or phone).
The breach notification will include:
1. Nature of the Breach: A description of the breach, including the categories and approximate number of data subjects and data records affected.
2. Contact Information: The name and contact details of Eucera’s data protection officer or other responsible individual.
3. Consequences: An explanation of the likely or realized consequences of the breach.
4. Mitigation Measures: A description of measures taken to address the breach and reduce potential adverse effects.
If it is not possible to provide all the information at the same time, Eucera will provide the information in phases without undue delay.
Immediate Steps to Secure Data #
Upon discovering a breach, Eucera will:
• Contain and Limit the Impact: Take immediate steps to contain the breach and prevent further unauthorized access or damage.
• Preserve Evidence: Secure relevant logs and records to aid in root cause analysis and support potential investigations.
• Mitigate Risks: Implement measures to reduce any negative impacts on data subjects, such as password resets or temporary access restrictions.
Cooperation and Remediation #
After notifying the Data Controller, Eucera will consult with them to determine appropriate next steps, including:
• Securing Data: Ensuring affected data is restored, secured, or deleted as needed.
• Damage Mitigation: Limiting the breach’s impact on data subjects or customers.
• Third-Party Coordination: Collaborating with any third parties designated by the Data Controller to address the breach.
The objective of Eucera’s breach response is to:
• Restore the confidentiality, integrity, and availability of affected systems and services.
• Identify the root cause of the breach and implement remediation steps.
• Ensure compliance with applicable data protection laws and regulations.
Follow-Up and Reporting #
Eucera will provide the Data Controller with updates as more information becomes available. A final report summarizing the breach’s cause, impact, and the corrective actions taken will be delivered promptly.
For inquiries regarding Eucera’s data protection practices, contact us at [email protected]
