EDPB ADOPTS GUIDELINES ON EXAMPLES REGARDING DATA BREACH NOTIFICATION
The European Data Protection Board (“EDPB”) adopted guidelines on examples regarding data breach notification that include more practice-orientated guidance and recommendations. The guidelines aim to help data controllers decide how to handle data breaches and what factors to consider during the risk assessment.
The guidelines also include:
- An inventory of data breach notification cases deemed most common by the national supervisory authorities, such as ransomware attacks, data exfiltration attacks, and lost or stolen devices and paper documents,
- The most typical good or bad practices by the data controllers,
- How to identify and assess the risks,
- Information about the cases in which the controller should notify the supervisory authorities and/or the data subjects.
The guidelines will be submitted for public consultation for a period of six weeks.
You can find the text of the guidelines and information about public consultation here.
Should you have any queries and/or remarks, please do not hesitate to contact us.