Many might think of a data breach only as the result of hackers gaining access to your data through unauthorized means, to put it mildly. But it is so much more than this.
In particular, the GDPR defines a data breach as being the accidental or unlawful destruction, loss or alteration to personal data transmitted, stored or processed.
There are three things in this definition.
> Firstly, a breach could involve data at rest (stored) or in motion (transmitted). An example of the latter is an email transmission.
> Secondly, a breach is not just only the exposure of data by unauthorized means, but also the alteration or even destruction of the data.
>Thirdly, a breach could also be accidental rather than purposeful
But there's more. The GDPR also defines a data breach as the unauthorized disclosure of, or access to personal data. This means that only those people that officially have access to the data, actually have access to the data.
In many organizations, breaches by the above definition happen every day as a result of outdated security practices and poor governance. For example, Jill might have had access to private data in a previous role, but when she moved on, nobody updated her access privileges; access to that data is no longer required in her current role. That she still has access to it and accesses it is technically a breach.
Breaches happen every day. Think about that the next time you imagine that a breach is only the result of an explicit hack!