In the event of a data leak, personal data within a company is unintentionally accessed, destroyed, modified or released. In short, if your company cannot be certain that a breach of security has not resulted in the unlawful processing of personal data which you are processing on Vattenfall's behalf, the data leak must be reported to Vattenfall.
Examples of breaches of security which must be reported to Vattenfall include:
i) the loss of unprotected USBs/DVDs/CDs containing personal data, ii) hackers breaking into a database, iii) an email sent in which the email addresses of all the recipients can be seen by all the other recipients, iv) data has been lost and there is no back-up available and v) a malware infection.