{"id":15849,"date":"2023-06-19T22:45:07","date_gmt":"2023-06-19T22:45:07","guid":{"rendered":"https:\/\/cybercrime.rs\/?p=15849"},"modified":"2023-07-24T21:42:46","modified_gmt":"2023-07-24T21:42:46","slug":"povreda-podataka-o-licnosti","status":"publish","type":"post","link":"https:\/\/cybercrime.rs\/en\/2023\/06\/19\/povreda-podataka-o-licnosti\/","title":{"rendered":"Personal Data Breach"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"15849\" class=\"elementor elementor-15849\">\n\t\t\t\t\t\t\t\t\t<section class=\"has_ae_slider elementor-section elementor-top-section elementor-element elementor-element-1733c3d2 elementor-section-boxed elementor-section-height-default elementor-section-height-default ae-bg-gallery-type-default\" data-id=\"1733c3d2\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_ae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-274b53c9 ae-bg-gallery-type-default\" data-id=\"274b53c9\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-78f0f42 elementor-widget elementor-widget-spacer\" data-id=\"78f0f42\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-column .elementor-spacer-inner{height:var(--spacer-size)}.e-container{--container-widget-width:100%}.e-container>.elementor-widget-spacer{width:var(--container-widget-width,var(--spacer-size));-ms-flex-item-align:stretch;align-self:stretch;-ms-flex-negative:0;flex-shrink:0}.e-container>.elementor-widget-spacer>.elementor-widget-container,.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer{height:100%}.e-container>.elementor-widget-spacer>.elementor-widget-container>.elementor-spacer>.elementor-spacer-inner{height:var(--container-widget-height,var(--spacer-size))}<\/style>\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7f89bbd elementor-widget elementor-widget-author-box\" data-id=\"7f89bbd\" data-element_type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<link rel=\"stylesheet\" href=\"https:\/\/cybercrime.rs\/wp-content\/plugins\/elementor-pro\/assets\/css\/widget-theme-elements.min.css\">\t\t<div class=\"elementor-author-box\">\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/in\/zlatko-petrovi%C4%87-0849651a5\/\" target=\"_blank\">\n\t\t\t\t\t\t<h4 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tZlatko Petrovi\u0107\t\t\t\t\t\t<\/h4>\n\t\t\t\t\t<\/a>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Assistant Secretary General at Commissioner for Information of Public Importance and Personal Data Protection<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b5c1446 elementor-widget elementor-widget-spacer\" data-id=\"b5c1446\" data-element_type=\"widget\" 
data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2ee5c3f elementor-widget elementor-widget-heading\" data-id=\"2ee5c3f\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h2 class=\"elementor-heading-title elementor-size-default\">What is personal data breach?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0dd39f elementor-widget elementor-widget-spacer\" data-id=\"a0dd39f\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bd65090 elementor-widget elementor-widget-text-editor\" data-id=\"1bd65090\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor - v3.7.8 - 02-10-2022 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#818a91;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#818a91;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p>Termin &#8220;<em>povreda podataka o li\u010dnosti<\/em>&#8221; (eng. Data Breach) u na\u0161e zakonodavstvo je u\u0161ao sa Zakonom o za\u0161titi podataka o li\u010dnosti iz 2018. godine, koji je doslovno preuzeo re\u0161enja Op\u0161te uredbe o za\u0161titi podataka EU (GDPR). U pitanju je &#8220;<em>povreda bezbednosti podataka o li\u010dnosti koja dovodi do slu\u010dajnog ili nezakonitog uni\u0161tenja, gubitka, izmene, neovla\u0161\u0107enog otkrivanja ili pristupa podacima o li\u010dnosti koji su preneseni, pohranjeni ili na drugi na\u010din obra\u0111ivani<\/em>&#8220;.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>However, even before the adoption of this law, there were violations of personal data, which were not called that at the time. In the last ten years, the personal data of the citizens of our country was often compromised, and the accumulation of data without a clearly defined purpose, in combination with negligence or malicious intent and clumsy digitalization almost always led to incidents. This irresponsible approach caused more or less risk for those whose data it is about. 
Also, the citizens themselves were mostly unaware of what was happening with their data.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Dovoljno je samo prisetiti se objavljivanja podataka 5,2 miliona gra\u0111ana na internet prezentaciji Agencije za privatizaciju 2014. godine. Ilustrativan je i slu\u010daj Integrisanog zdravstvenog informacionog sistema (IZIS), zahvaljuju\u0107i kojem je 2016. godine svaki korisnik interneta mogao da pristupi zdravstvenom kartonu svakog gra\u0111anina na\u0161e zemlje. Zanimljiva je i aplikacija &#8220;Izabrani doktor&#8221;, koja je 2018. godine omogu\u0107avala svakome da pristupi tu\u0111im zdravstvenim podacima.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p class=\" translation-block\">All of the above cases were essentially examples of personal data breaches, in which the <strong>confidentiality and integrity<\/strong> of personal data were violated. The new Law on the Protection of Personal Data raises these two words to the level of principles of personal data processing, so every operator is obliged to take appropriate technical, organizational and personnel measures, so that the data remains preserved and confidential.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-875784c elementor-widget elementor-widget-spacer\" data-id=\"875784c\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2674c81 elementor-widget elementor-widget-heading\" data-id=\"2674c81\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What are the consequences?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a736710 elementor-widget elementor-widget-spacer\" data-id=\"a736710\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-34b9158 elementor-widget elementor-widget-text-editor\" data-id=\"34b9158\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>What are the consequences of a personal data breach that gets out of control? A data breach can produce physical, material or non-material damage, psychological problems, loss of control over data, discrimination, identity theft, fraud, financial losses, damage to reputation... Just think of what the unauthorized publication of your health record, school grades, or data from your current account or from a dating application can lead to.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>The operator (the data controller, in GDPR terms), as the main and responsible actor, is obliged to undertake everything in his power to prevent a personal data breach from occurring. This means that he is obliged to undertake a set of technical, organizational and personnel measures to keep the data safe. 
This includes the establishment of protection measures, such as pseudonymization and encryption, clearly defining mutual roles with processors and other handlers, data mapping and their recording in records of processing actions, and taking measures for the purpose of processing security. This implies the existence of backed-up data, disaster plans, taking measures to maintain the confidentiality, integrity and availability of data and a number of other measures that will ensure that a breach does not occur.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>However, if a breach does occur, it should be treated in accordance with the law. If the processor determines that a breach has occurred, he must inform the operator about it without delay. The operator must properly document and analyze any observed personal data breach.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>If the operator determines that the resulting violation may cause a risk to the rights and freedoms of the person to whom the data refer, he must notify the Commissioner of this within 72 hours of learning of the violation. The operator is then obliged to submit a notice to the Commissioner with relevant information about the violation: what happened, how much data is included in the violation, which persons are involved, what are the possible consequences of the violation, and what was done regarding the resulting violation. 
Along with this notification, he is obliged to submit to the Commissioner a record of the data processing actions that are the subject of the violation.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>If the operator determines that the violation can create a HIGH risk for the rights and freedoms of the person to whom the data refers, then that person must also be informed about the violation.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>That's what the law says. However, is the operator even able to recognize a personal data breach when it occurs? Do its employees know how to react if they notice a breach of personal data? How is the operator to determine what happened to the data and whether the violation may cause a risk to the rights and freedoms of the person whose data is in question? If he doesn't know all that - how will he determine whether a data breach can create a HIGH risk for the same rights and freedoms? 
When we add misdemeanor responsibility for each of these items to all of that - only then does the need for a detailed clarification of the legal provisions arise.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6224ec2 elementor-widget elementor-widget-spacer\" data-id=\"6224ec2\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-643e8a7 elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"643e8a7\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! 
elementor-pro - v3.7.7 - 20-09-2022 *\/\n@charset \"UTF-8\";.entry-content blockquote.elementor-blockquote:not(.alignright):not(.alignleft),.entry-summary blockquote.elementor-blockquote{margin-right:0;margin-left:0}.elementor-widget-blockquote blockquote{margin:0;padding:0;outline:0;font-size:100%;vertical-align:baseline;background:transparent;quotes:none;border:0;font-style:normal;color:#55595c}.elementor-widget-blockquote blockquote:after,.elementor-widget-blockquote blockquote:before,.elementor-widget-blockquote blockquote cite:after,.elementor-widget-blockquote blockquote cite:before,.elementor-widget-blockquote blockquote footer:after,.elementor-widget-blockquote blockquote footer:before{content:\"\";content:none}.elementor-blockquote{-webkit-transition:.3s;-o-transition:.3s;transition:.3s}.elementor-blockquote__author,.elementor-blockquote__content{margin-bottom:0;font-style:normal}.elementor-blockquote__author{font-weight:700}.elementor-blockquote footer{margin-top:12px;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between}.elementor-blockquote__tweet-button{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-transition:.3s;-o-transition:.3s;transition:.3s;color:#1da1f2;-ms-flex-item-align:end;align-self:flex-end;line-height:1;position:relative;width:-webkit-max-content;width:-moz-max-content;width:max-content}.elementor-blockquote__tweet-button:hover{color:#0967a0}.elementor-blockquote__tweet-button span{font-weight:600}.elementor-blockquote__tweet-button i,.elementor-blockquote__tweet-button span{vertical-align:middle}.elementor-blockquote__tweet-button i+span,.elementor-blockquote__tweet-button svg+span{margin-left:.5em}.elementor-blockquote__tweet-button svg{fill:#1da1f2;height:1em;width:1em}.elementor-blockquote__tweet-label{white-space:pre-wrap}.elementor-blockquote--button-skin-bubble .elementor-blockquote__tweet-button,.elementor-blockquote--button-skin-classic 
.elementor-blockquote__tweet-button{padding:.7em 1.2em;border-radius:100em;background-color:#1da1f2;color:#fff;font-size:15px}.elementor-blockquote--button-skin-bubble .elementor-blockquote__tweet-button:hover,.elementor-blockquote--button-skin-classic .elementor-blockquote__tweet-button:hover{background-color:#0967a0;color:#fff}.elementor-blockquote--button-skin-bubble .elementor-blockquote__tweet-button:hover:before,.elementor-blockquote--button-skin-classic .elementor-blockquote__tweet-button:hover:before{border-right-color:#0967a0}.elementor-blockquote--button-skin-bubble .elementor-blockquote__tweet-button svg,.elementor-blockquote--button-skin-classic .elementor-blockquote__tweet-button svg{fill:#fff;height:1em;width:1em}.elementor-blockquote--button-skin-bubble.elementor-blockquote--button-view-icon .elementor-blockquote__tweet-button,.elementor-blockquote--button-skin-classic.elementor-blockquote--button-view-icon .elementor-blockquote__tweet-button{padding:0;width:2em;height:2em}.elementor-blockquote--button-skin-bubble.elementor-blockquote--button-view-icon .elementor-blockquote__tweet-button i,.elementor-blockquote--button-skin-classic.elementor-blockquote--button-view-icon .elementor-blockquote__tweet-button i{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.elementor-blockquote--button-skin-bubble .elementor-blockquote__tweet-button:before{content:\"\";border:.5em solid transparent;border-right-color:#1da1f2;position:absolute;left:-.8em;top:50%;-webkit-transform:translateY(-50%) scaleY(.65);-ms-transform:translateY(-50%) scaleY(.65);transform:translateY(-50%) scaleY(.65);-webkit-transition:.3s;-o-transition:.3s;transition:.3s}.elementor-blockquote--button-skin-bubble.elementor-blockquote--align-left 
.elementor-blockquote__tweet-button:before{right:auto;left:-.8em;border-right-color:#1da1f2;border-left-color:transparent}.elementor-blockquote--button-skin-bubble.elementor-blockquote--align-left .elementor-blockquote__tweet-button:hover:before{border-right-color:#0967a0}.elementor-blockquote--button-skin-bubble.elementor-blockquote--align-right .elementor-blockquote__tweet-button:before{left:auto;right:-.8em;border-right-color:transparent;border-left-color:#1da1f2}.elementor-blockquote--button-skin-bubble.elementor-blockquote--align-right .elementor-blockquote__tweet-button:hover:before{border-left-color:#0967a0}.elementor-blockquote--skin-boxed .elementor-blockquote{background-color:#e6e9ec;padding:30px}.elementor-blockquote--skin-border .elementor-blockquote{border-color:#e6e9ec;border-left:7px #e6e9ec;border-style:solid;padding-left:20px}.elementor-blockquote--skin-quotation .elementor-blockquote:before{content:\"\u201c\";font-size:100px;color:#e6e9ec;font-family:Times New Roman,Times,serif;font-weight:900;line-height:1;display:block;height:.6em}.elementor-blockquote--skin-quotation .elementor-blockquote__content{margin-top:15px}.elementor-blockquote--align-left .elementor-blockquote__content{text-align:left}.elementor-blockquote--align-left .elementor-blockquote footer{-webkit-box-orient:horizontal;-webkit-box-direction:normal;-ms-flex-direction:row;flex-direction:row}.elementor-blockquote--align-right .elementor-blockquote__content{text-align:right}.elementor-blockquote--align-right .elementor-blockquote footer{-webkit-box-orient:horizontal;-webkit-box-direction:reverse;-ms-flex-direction:row-reverse;flex-direction:row-reverse}.elementor-blockquote--align-center .elementor-blockquote{text-align:center}.elementor-blockquote--align-center .elementor-blockquote__author,.elementor-blockquote--align-center .elementor-blockquote footer{display:block}.elementor-blockquote--align-center 
.elementor-blockquote__tweet-button{margin-right:auto;margin-left:auto}<\/style>\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tFor a better understanding of what is written in the Serbian Law on the Protection of Personal Data, it is necessary to consult both the provisions of the GDPR and the current Guidelines of European authorities in the field of personal data protection.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8b7de69 elementor-widget elementor-widget-spacer\" data-id=\"8b7de69\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e4e2b57 elementor-widget elementor-widget-text-editor\" data-id=\"e4e2b57\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p class=\" translation-block\">First, you should keep in mind that there are <span style=\"color: #ead181\">three types<\/span> of personal data breaches:<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:list {\"ordered\":true,\"type\":\"1\",\"start\":1} --><\/p>\n<ol start=\"1\" type=\"1\">\n<li style=\"list-style-type: none;\">\n<ol start=\"1\" type=\"1\"><!-- wp:list-item --><\/ol>\n<\/li>\n<\/ol>\n<p>\u00a0<\/p>\n<ol start=\"1\" type=\"1\">\n<li style=\"list-style-type: none;\">\n<ol start=\"1\" type=\"1\">\n<li>Breach of confidentiality \u2013 where there is unauthorized or accidental 
access or disclosure of data;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- wp:list-item --><\/p>\n<ol start=\"1\" type=\"1\">\n<li style=\"list-style-type: none;\">\n<ol start=\"1\" type=\"1\">\n<li>Breach of integrity \u2013 where there is an unauthorized or accidental change of data;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- wp:list-item --><\/p>\n<ol start=\"1\" type=\"1\">\n<li style=\"list-style-type: none;\">\n<ol start=\"1\" type=\"1\">\n<li>Breach of availability \u2013 where there is an accidental or unauthorized loss of access to or destruction of personal data.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><!-- \/wp:list-item --><\/p>\n<p><!-- \/wp:list --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>The operator and the processor should establish appropriate procedures, so that they are able to detect a breach when it occurs and act accordingly. First of all, this means that information about an observed breach should be sent to the service responsible for handling it, and the employees must be informed of this procedure. This service has the task of analyzing and documenting the breach itself, taking measures to reduce the risk and potential damage, and notifying the Commissioner (if the breach may cause a risk to the rights and freedoms of the person to whom the data refer) and the person to whom the data refer (if the breach can produce a HIGH risk). 
The person designated for the protection of personal data (the data protection officer) must be included in this procedure, if the operator has designated one.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>A high risk is considered to arise from a data breach that may lead to physical, material or non-material damage, and especially if specific types of personal data are compromised (racial or ethnic origin, sex life and orientation, trade union membership, political opinion, biometric, genetic and health data, philosophical or religious belief) or criminal record data. However, a high risk can also exist in other cases, so it is always necessary to take into account what kind of data it is, what is the nature of this data, how much data is involved, to which persons this data refers... In this sense, it is important, when determining risk, to keep in mind whether the data originates from a hospital, humanitarian organization or political party, whether it relates to children, minority groups, the disabled, and the like.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ff0b3a0 elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"ff0b3a0\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tA personal data breach can occur with data in both automated and non-automated form.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bcbe782 elementor-widget elementor-widget-text-editor\" 
data-id=\"bcbe782\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>Data processing in the Internet environment carries special types of risks, so it is necessary for the operator to take modern technical measures in order to prevent possible data violations. One of those special threats is blackmail software (ransomware), which prevents the operator from accessing the data. In such situations, it is necessary to analyze and document the data breach, to determine what kind of software it is, and whether or not there was an unauthorized download (exfiltration) of data. The operator will often not have the appropriate knowledge and resources for this delicate task, so they will have to hire cyber security experts for the same job.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-936d28c elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"936d28c\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tExamples of data breaches are numerous, if the human factor is considered as a potential risk in processing.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f501117 elementor-widget 
elementor-widget-text-editor\" data-id=\"f501117\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>An employee may abuse the right to access data, download or copy it, and further use it in various ways (for personal purposes, for the purpose of selling to a competing company, the media). There are many ways to copy this data, so the employee can copy the data to a USB, print it, burn it to a CD\/DVD, take a photo or record it with a mobile phone, send it via email, and store it on a cloud server. Violations of personal data can also happen unintentionally, by sending mail to the wrong address, sending emails to a mailing list using CC instead of BCC option, and the like.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6640781 elementor-widget elementor-widget-spacer\" data-id=\"6640781\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5218c6a elementor-widget elementor-widget-heading\" data-id=\"5218c6a\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Prevention<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f646350 elementor-widget 
elementor-widget-spacer\" data-id=\"f646350\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f75afc4 elementor-widget elementor-widget-text-editor\" data-id=\"f75afc4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p class=\" translation-block\">For these reasons, it is necessary to <span style=\"color: #ead181\">narrow the space for employees to cause such breaches<\/span>, accidentally or intentionally, through<\/p>\n<ul>\n<li>training,<\/li>\n<li>assigning data access levels,<\/li>\n<li>disabling the use of portable media,<\/li>\n<li>exclusive use of encrypted devices,<\/li>\n<li>a strict password policy,<\/li>\n<li>filtering user activities,<\/li>\n<li>tracking unusual data flows on the server,<\/li>\n<li>banning the use of devices that can record video in the monitoring center,<\/li>\n<li>familiarizing employees with phishing and ransomware attacks and other types of social engineering to which they may be exposed,<\/li>\n<li>termination of all data access rights of an employee whose employment relationship has ended,<\/li>\n<li>implementing a clean desk policy,<\/li>\n<li>establishing a print management system, etc.<\/li>\n<\/ul>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-939b04d elementor-widget elementor-widget-text-editor\" data-id=\"939b04d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p class=\" translation-block\">Necessary<span style=\"color: #ffffff\"> technical measures<\/span> include constant strengthening and improvement of data processing security, establishing a separate backup, using anti-malware detection systems, updating operating systems and installed software , establishing a logging system, an effective firewall and an intrusion detection and prevention system, using a VPN connection, multi-factor authentication, penetration (pen) testing, establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in an organization or joining a collective CSIRT \/CERT, establishing the possibility of remote data deletion, in case of theft or loss of portable devices.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n<p><!-- wp:paragraph --><\/p>\n<p>\u00a0<\/p>\n<p><!-- \/wp:paragraph --><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-47ec0d3 elementor-blockquote--skin-border elementor-blockquote--button-color-official elementor-widget elementor-widget-blockquote\" data-id=\"47ec0d3\" data-element_type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tAll these measures represent prevention, in order to enable safe 
processing and prevent the violation of personal data. However, despite all the measures taken, data breaches do happen, even in the most complex and well-equipped systems. It is up to the operator to do everything in his power to prevent personal data from being breached, and if it does happen - the operator must carefully analyze and document it, and act in accordance with the law, which is in his best interest, but also in the interest of the person whose data is in question.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9c13036 elementor-widget elementor-widget-spacer\" data-id=\"9c13036\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84c2958 elementor-widget elementor-widget-text-editor\" data-id=\"84c2958\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\" translation-block\">Source <span style=\"color: #ead181\"><a style=\"color: #ead181\" href=\"https:\/\/www.linkedin.com\/pulse\/povreda-podataka-o-liC48Dnosti-zlatko-petroviC487\/?trackingId=XFCkQ48TKCv0woOAZzMhA\" target=\"_blank\" rel=\"noopener\">&gt;&gt;<\/a><\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>What is a personal data breach and how is it treated in the Personal Data Protection Act in the Republic of 
Serbia?<\/p>","protected":false},"author":1,"featured_media":9976,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":""},"categories":[31,32],"tags":[],"class_list":["post-15849","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digitalprivacy","category-digitalsurveillance"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/15849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/comments?post=15849"}],"version-history":[{"count":47,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/15849\/revisions"}],"predecessor-version":[{"id":16598,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/posts\/15849\/revisions\/16598"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media\/9976"}],"wp:attachment":[{"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/media?parent=15849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/categories?post=15849"},{"taxonomy":"post
_tag","embeddable":true,"href":"https:\/\/cybercrime.rs\/en\/wp-json\/wp\/v2\/tags?post=15849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}