PERSONAL DATA BREACH

What is a personal data breach?

Personal data breach means a breach of security that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. Such disclosure may occur, for example, following:

• accidental loss: e.g. a personal data breach caused by the loss of your smartphone;

• theft: e.g. a personal data breach caused by the theft of a notebook containing personal data;

• corporate infidelity: e.g. a violation of personal data caused by an internal person who, having authorization to access personal data, produces a copy to be distributed in a public environment;

• abusive access: e.g. a violation of personal data caused by unauthorized access to IT systems with subsequent disclosure of the information acquired.

Under certain circumstances, the European legislation on the protection of personal data (GDPR) provides the obligation to notify the violation of personal data to the competent Supervisory Authority within 72 hours from when GRE becomes aware of it as well as, in more serious cases, to communicate this violation to the interested parties.

To fulfill the regulatory obligations described above and to protect the personal data of the people we come into contact with, a specific section has been created to allow you to notify us of the detection of a possible violation of personal data.

If you have a relationship with GRE and deem it necessary to report a personal data breach, please click on the following link, “Personal Data Breach” section: https://www.generali.com/it/info/privacy/ form.