Abstract

Changes in the personal data protection law arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which is a part of the package of EU legislative changes is to provide a higher level of security of personal data processing, including increased confidence in digital services. The article discusses the selected mechanism which increases data processing security, methods of eliminating and minimizing the risk of security breach, how to behave in case of a threatened or factual personal data breach. It takes into account the requirements for incident management, its objective scope, mandatory notification and documentation of personal data security breach incidents.