Asesora Brecha is an useful resource for any data controller processing personal data to assess the obligation to notify Spanish Data Protection Agency about a personal data breach without undue delay, as established in Article 33 of the General Data Protection Regulation.
Data Protection Officers, Processors and Consultants might use it also to obtain relevant information to assess data controllers.
On the basis of the documents obtained, controllers and processors must carry out any necessary adaptations on a case-by-case basis for each processing of personal data, taking into account the risks to the rights and freedoms of natural persons which may result from the processing, depending on its nature, scope, context and purposes (Recital 76 and Article 35.1 of the GDPR).
The tool is simple and free of charge. Once its execution has been completed, the data provided during its development are deleted, so that the Spanish Data Protection Agency can in no case be aware of the information that has been provided.
It is an easy and free tool. Once execution has been completed, data fed to the tool are deleted, and therefore the Spanish Data Protection Agency may not, in any case, come to know the information fed to the tool.
Please note that Asesora Brecha is just an aid to decision making, but the latter inevitably corresponds to the data controller. Under no circumstance does its use represents this Agency opinion on the application of Art. 33 of the GDPR for a specific personal data breach.