Privacy Breach Policy

1. Introduction

This Privacy Breach Policy outlines the procedures Lenstra SAS ("we", "our", or "us") will follow when there's a suspected or confirmed breach of personal data. We are committed to safeguarding the personal data entrusted to us and recognize the importance of responding promptly to such incidents.

2. Definition of a Privacy Breach

A privacy breach occurs when there is unauthorized access to or collection, use, disclosure, or disposal of personal data. This can be a result of:

  • Loss or theft of devices or records containing personal data
  • Unauthorized access to personal data (e.g., hacking)
  • Sharing personal data without the necessary permissions

3. Reporting a Breach

All staff members and contractors must report any perceived, suspected, or confirmed privacy breaches immediately to the Data Protection Officer:

4. Containment

Upon becoming aware of a breach, immediate action should be taken to contain it:

  • Stop the unauthorized practice
  • Recover the breached records
  • Shut down the system that was breached
  • Revoke or change computer access codes
  • Correct weaknesses in physical or electronic security

5. Evaluation

The Data Protection Officer will lead the evaluation of the breach by determining:

  • The type and amount of personal data involved
  • How the breach occurred
  • Whether the breach would allow unauthorized access to any other data
  • The individuals affected by the breach

6. Notification

If it's determined that the breach poses a risk to the affected individuals:

  • We will notify them as soon as possible, explaining the nature of the breach, what steps we've taken, and what they can do to protect themselves.
  • We will notify any regulatory authorities as required by law, including GDPR and CCPA regulations.

7. Prevention

Once immediate steps are taken to mitigate the risks associated with the breach, we will conduct a thorough review of the incident to prevent future breaches. This could involve:

  • A security audit
  • A review of policies and procedures
  • A review of employee training practices

8. Documentation

All breaches and actions taken will be documented by the Data Protection Officer. This will include the details of the breach, its effects, and the actions taken to prevent future breaches.

9. Review and Updates

This Privacy Breach Policy will be reviewed annually and after any breach to ensure it reflects the current risks and capabilities of our organization.

10. Contact

For any questions regarding this Privacy Breach Policy:

Any company can become a tech company.

We are committed to making a net contribution to your organization.

Contact us