When to report a security incident?

    Please note that every possible security incident must be reported to Data protection officer. Such reporting is the duty of every staff member, or his/her supervisor, that finds out any of the following:

    • a device or a document containing a file with personal data was lost or stolen;
    • an unauthorized person gained access to personal data in a device or a document;
    • personal data in any form were, without a sufficient access protection, placed in a location where they could be accessed without authorization;
    • personal data were damaged or lost;
    • personal data could be changed or edited, but it is impossible to determine whether it happened.

    The loss has to be reported to gdpr@cuni.cz . See https://cuni.cz/UK-9092.html for more information.