Data Privacy and Incident Breach
- ZTPL has defined appropriate escalation and communication procedures to report data privacy incidents and personal data breaches.
- Data privacy incidents and personal data breaches shall be reported immediately to the Governance Risk and Compliance Officer (referred to as “GRCO”) at email@example.com. The report shall include full and accurate details of the data privacy incident or personal data breach.
Upon receiving the incident or breach report, the GRCO shall, without any delay and, where feasible, not later than 72 hours after having become aware of the data privacy incident or personal data breach, notify the applicable regulators and authorities, including the supervisory authority, unless the personal data breach or data privacy incident is unlikely to result in a risk to the rights and freedoms of data subjects.
Communication to the data subject by the GRCO shall describe, in clear and plain language, the following information, including but not limited to:
- Nature of data privacy incident or personal data breach.
- Name and contact details of GRCO or other contact point where more information can be obtained.
- The likely consequences of the data privacy incident or personal data breach.
- The measures taken or proposed to be taken by ZTPL to address the data privacy incident or personal data breach, including measures to mitigate its possible adverse effects.