Definition

Unauthorized access, loss, or disclosure of personal data held for PV. May require notification to supervisory authority and data subjects under GDPR (e.g., 72 hours).

Example

Accidental email of ICSR with patient name to wrong recipient.

Regulatory source

GDPR Arts 33, 34; GVP Module I

Common mistakes

Delaying breach notification or not documenting the incident.

Inspector question

What is your procedure for PV-related personal data breaches?

Related terms