10. januar 2022

The European Data Protection Board publishes final version of guidelines on examples regarding data breach notifications.

Following public consultation, the EDPB adopted a final version of the Guidelines on examples regarding data breach notifications. These guidelines complement the Article 29 Working Party guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim to help data controllers respond to personal data breaches and comply with their notification obligations under the GDPR.

Breaches should be notified when the data controller is of the opinion that it is likely to result in a risk to the rights and freedoms of the data subject, and the guidelines provide case studies to help data controllers and processors perform a risk assessment when they become aware of the breach.

Case studies include incidents involving ransomware attacks, data exfiltration attacks, human error and lost devices and documents. The scenarios and recommended steps to be followed are based on the collected experiences of various EEA supervisory authorities amidst a rising volume of cyber-attacks and other data breach incidents.

 

Ruth Caddock Hansen
Advokat (Attorney, Denmark) and solicitor (England og Wales), partner
Jørgen Pedersen
Advokat (H), partner (Attorney)
Gitte Nedergaard
Advokat (H), partner (Attorney)
David Kjær Hermansen
Advokat (Attorney)
Andreas Peter Olesen
Advokat (Attorney)
Michela Korsholm
Advokatfuldmægtig
Alvin Lee Kuiper
IT-supporter
Puk Jespersen
Sekretær
Gitte Meyer
Secretary
Trinh Nguyen
Secretary
Inka Schlichting
Legal trainee
Lærke Maria Mark Jensen
Advokatstuderende (stud.jur.)
Alexander Gyldenløve Sørensen
Advokatstuderende (stud.jur.)
Niclas Vito Böttcher Neigaard
Advokatstuderende (stud.jur.)
Pia Bidstrup
Chief accountant
Jeanette Kjær
Receptionist
Mogens Tougaard
Sales manager
Jonas Duedahl Kristiansen
Salgschef, Fyn og den sydlige del af Jylland
Dudal Webdesign