Fire at OVH: sites that have lost personal data must alert the CNIL

The CNIL has distributed a note on its website reminding websites of the GDPR rules. If they have lost personal data, it must be reported to the authority.

Complicated weekend for OVH. Ten days after the fire in its data center in Strasbourg, which caused the destruction of servers in one of the four sectors of the site, the French host faced another incident on the evening of March 19 to 20 : Smoke was coming out of defective batteries. Fortunately, the problem was contained very early on by the firefighters.

For the managers of sites that hosted personal data, and whose servers are part of destroyed or damaged infrastructure, the period is also not the quietest. In addition to the inventory of damage, loss of activity and economic repercussions, they also face administrative obligations. This is what the Cnil recalls on Monday, March 22.

A fire whose effects concern the GDPR

The provisions of the General Data Protection Regulation (GDPR) indeed provide for an obligation to notify in the event of the unavailability or destruction of personal data, including when this unavailability or destruction is the consequence of a fire in a data center. . In France, it is to the National Commission for Informatics and Freedoms that we must turn.

The GDPR sets out in Article 33 the circumstances under which a notification to the supervisory authority of a personal data breach must take place. However, the definition of a personal data breach includes destruction, loss, alteration, unauthorized disclosure and fraudulent access, whether unlawfully or accidentally.

The CNIL has prepared a sheet to specify in which cases this notification must take place, because it is not systematically required, including in the case of the fire at OVH. This is the case if the activity was able to be maintained despite the temporary loss of the Strasbourg data center, or if backups were able to be deployed quickly, so that the effects on Internet users were minimal.

Recommended
The latest Microsoft Build in the Release Preview ring shows the latest version: this is an upgrade

According to the latest news, OVH has decided to no longer relaunch the part of its data center (SBG1) which was located near the container where these famous batteries were placed at the origin of the incident on March 19. The servers concerned are relocated in SBG4 (one of the two spared zones, with SBG3), or in other data centers of the group, in Roubaix and Gravelines.

Related Articles

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker. Thanks.