How ELEARNINGFORCE Detects and Responds to a Breach of Personal Data, and Notifies You Under the GDPR.
All our services and personnel follow internal incident management procedures to ensure that we take proper precautions to avoid data breaches in the first place. However, in addition, LMS365 & the Microsoft Azure cloud services have specific security controls in place across our platforms to detect data breaches in the rare event that they occur.
In the event of a breach, i.e. a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed, ELEARNINGFORCE will without undue delay but no later than in 24 hours after becoming aware of it notify the Data Controller in writing and additionally in any other reasonable and prompt manner (e.g. by phone or email).
Should your security team need additional logs for their investigation of an incident determined to affect your organization, our security team will coordinate responsibly provide access as needed.
The Breach notification will contain at least the following:
- a description of the nature of the Breach including, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of data records concerned
- the name and contact details of the person responsible for ELEARNINGFORCE’s data protection matters
- a description of likely consequences and/or realized consequences of the Breach
- a description of the measures taken to address the Breach and to mitigate its possible adverse effects.
Where, and as far as, it is not possible to provide the information listed at the same time, the information may be provided in phases without undue further delay.
ELEARNINGFORCE takes all the necessary steps to protect the Data after having become aware of the Breach. After having notified the Customer in accordance with the above, ELEARNINGFORCE will, in consultation with the Customer, take appropriate measures to secure the data and limit any possible detrimental effect to the Data Subjects.
ELEARNINGFORCE will cooperate with the Customer, and with any third parties designated by the Customer, to respond to the Breach. The objective of the Breach response will be to restore the confidentiality, integrity, and availability of the Services, to establish root causes and remediation steps, to preserve evidence, and to mitigate any damage caused to Data Subjects or the Customer.