Should breaches of personal data protection provisions, such as the failure to use information clauses, that were identified during an audit be entered in the breach register?
ANSWER
No, non-compliance with personal data protection provisions, such as missing information clauses, should be recorded in the audit report, not in the breach register. The breach register contains only "personal data breaches", meaning security breaches leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data.


