LoupedIn

European Data Protection Board issues draft guidelines for data breach notifications

Published on February 18, 2021 by Helen Davenport

The European Data Protection Board (EDPB) has launched a public consultation on its guidelines 01/2021 regarding data breach notification.

The new guidelines aim to assist data controllers in responding to and assessing the risk of personal data breaches by highlighting examples of data breach notification. Whilst some guidance on data breach notification was already available, issued by the Article 29 Working Party in October 2017, the EDPB recognises that a need has arisen for practice-oriented, case-based guidance.

The new guidance reflects the common experiences gained by EEA member states’ supervisory authorities since the General Data Protection Regulation (GDPR) became applicable. The document is intended to complement the 2017 guidelines (Guidelines on Personal Data Breach Notification under Regulation 2016/679, WP250).

The new guidelines will be a useful addition to the toolkit for those responsible for data breach prevention, data breach handling and management, and data breach recognition and prevention training. Articles 33 and 34 of the GDPR require a data controller to, within a very short period of time, carefully assess the risks of a particular incident and decide whether or not notification is required by law.

The guidelines detail 18 example scenarios covering ransomware attacks with varying degrees of severity of risk, data exfiltration attacks, human error incidents, lost or stolen devices, postal mail breaches and social engineering, with the goal of providing assistance to data controllers assessing their own data breaches.

The detailed risk analysis and assessment for each scenario is followed by a quick reference tick list highlighting the reporting actions necessary based on the identified risks. Lists of advisable measures are included and the guidelines also aim to provide prevention ideas and possible solutions, although these are not intended to be exclusive or comprehensive given that every processing activity is different.

About the author(s)

Helen Davenport

Helen Davenport advises clients on data privacy and cyber security matters. She also helps clients resolve commercial disputes, in an efficient and commercially pragmatic way.

Filed Under: News Tagged With: Data protection, EDPB, Europe

Views expressed in this blog do not necessarily reflect those of Gowling WLG.

NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.
