EDPB adopts Guidelines on examples regarding data breach notification

Jan 17, 2021

Source: European Data Protection Board

The EDPB adopted guidelines on examples regarding data breach notification. These guidelines complement the WP 29 guidance on data breach notification by introducing more practice-oriented guidance and recommendations. They aim to help data controllers decide how to handle data breaches and what factors to consider during risk assessment. The guidelines contain an inventory of data breach notification cases deemed most common by the national supervisory authorities (SAs), such as ransomware attacks, data exfiltration attacks, and lost or stolen devices and paper documents. For each case category, the guidelines present the most typical good or bad practices, advise on how risks should be identified and assessed, highlight the factors that should be given particular consideration, and indicate in which cases the controller should notify the SA and/or the data subjects. The guidelines will be submitted for public consultation for a period of six weeks.

The guidelines and more information about the public consultation are available here
