Security violations
Activity
Manipulation of personal details derived from the actions resulting from the actions deduced from the mitigation of one of more security risks. Description of the procedures where security violations have been detected in relation to the protection of personal data. All information concerning the facts, effects and corrective actions must be registered. This documentation must be available to APDCAT (art. 33.5 RGPD).
Legal foundation
Legal obligation
Document model with informative clause or informed consent
All document that, by nature, includes data protection clauses
Legal foundation for special data categories
Not included
Document model with informative clause or informed consent for special data categories
Not required
Purpose of the treatment activity
To manage personal data affected by a security incident
Development of profiles that affect privacy
No
Categories of those concerned
Applicants, legal representatives, employees, suppliers, taxpayers and regulated entities, contact persons
Treatment of vulnerable groups’ data
No
Data categories
- Data of identifying nature
- Data of personal characteristics
- Economic, financial and insurance data
Transfer recipients
Not expected
International transfers
Not expected
Responsible administrative unit
Any administrative unit where the origin of the security violation is properly stated
Description of processed data
1. Of identifying nature
2. Personal characteristics
3. Special data categories
4. Social circumstances
5. Professional occupation details
6. Academic or professional
7. Economic, financial and insurance-related
8. Transactions of goods and services
Treatment description
Technical and organizational actions derived from one security violation of data.
Period of data preservation
No time of data preservation exists for data temporally included in this treatment
Identification of origin
- Public administration:
- Council
- Centre de Gestió Cadastral (Centre of Cadastral Management)
- Dirección General de Tráfico (National Department of Traffic)
- Departament de Benestar I Família (Welfare and Family Department)
- Public right entities: debt issuer
- By the very same applicant or their legal representative
Identification of the collection procedure
- Forms
- Electronic transmission
Security measures applied
Those determined by ENS
Controls
No
Observations
No observations
Treatment supervisors
None
Treatment co-responsible
None
Starting date of the activity log
16/11/2018
Date of the last modification of the activity log
01/03/2022
Impact evaluation
No impact evaluation is need as it is estimated that, according to the Guidelines on impact evaluation relative to data protection (AIPD) in the Group “Data protection” in Article 29, this treatment does provably not involve a high risk for the rights and freedoms of users.