10. januar 2022

The European Data Protection Board publishes final version of guidelines on examples regarding data breach notifications.

Following public consultation, the EDPB adopted a final version of the Guidelines on examples regarding data breach notifications. These guidelines complement the Article 29 Working Party guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim to help data controllers respond to personal data breaches and comply with their notification obligations under the GDPR.

Breaches should be notified when the data controller is of the opinion that it is likely to result in a risk to the rights and freedoms of the data subject, and the guidelines provide case studies to help data controllers and processors perform a risk assessment when they become aware of the breach.

Case studies include incidents involving ransomware attacks, data exfiltration attacks, human error and lost devices and documents. The scenarios and recommended steps to be followed are based on the collected experiences of various EEA supervisory authorities amidst a rising volume of cyber-attacks and other data breach incidents.

 

Ruth Caddock Hansen
Advokat (Attorney, Denmark) and solicitor (England og Wales), partner
Jørgen Pedersen
Advokat (H), partner (Attorney)
Gitte Nedergaard
Advokat (H), partner (Attorney)
David Kjær Hermansen
Advokat (Attorney)
Andreas Peter Olesen
Advokat (Attorney)
Inka Schlichting
Legal trainee
Sofie Thøgersen
Advokatfuldmægtig
Alvin Lee Kuiper
IT-supporter
Gitte Meyer
Secretary
Lærke Maria Mark Jensen
Advokatstuderende (stud.jur.)
Pia Bidstrup
Chief accountant
Alexander Gyldenløve Sørensen
Advokatstuderende (stud.jur.)
Puk Jespersen
Reception and administration
Niclas Vito Böttcher Neigaard
Advokatstuderende (stud.jur.)
Trinh Nguyen
Secretary
Lars Munk Jensen
Legal trainee
Mogens Tougaard
Sales manager
Leo Larsen
Sales manager
Dudal Webdesign