10. januar 2022

The European Data Protection Board publishes final version of guidelines on examples regarding data breach notifications.

Following public consultation, the EDPB adopted a final version of the Guidelines on examples regarding data breach notifications. These guidelines complement the Article 29 Working Party guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim to help data controllers respond to personal data breaches and comply with their notification obligations under the GDPR.

Breaches should be notified when the data controller is of the opinion that it is likely to result in a risk to the rights and freedoms of the data subject, and the guidelines provide case studies to help data controllers and processors perform a risk assessment when they become aware of the breach.

Case studies include incidents involving ransomware attacks, data exfiltration attacks, human error and lost devices and documents. The scenarios and recommended steps to be followed are based on the collected experiences of various EEA supervisory authorities amidst a rising volume of cyber-attacks and other data breach incidents.


Ruth Caddock Hansen
Advokat (Attorney, Denmark) and solicitor (England og Wales), partner
Jørgen Pedersen
Advokat (H), partner (Attorney)
Gitte Nedergaard
Advokat (H), partner (Attorney)
David Kjær Hermansen
Advokat (Attorney)
Andreas Peter Olesen
Advokat (Attorney)
Sofie Thøgersen
Advokat (L) (Barselsorlov)
Michela Korsholm
Alvin Lee Kuiper
Puk Jespersen
Gitte Meyer
Trinh Nguyen
Alexander Hoyer Olsen
Lærke Maria Mark Jensen
Advokatstuderende (stud.jur.)
Alexander Gyldenløve Sørensen
Advokatstuderende (stud.jur.)
Niclas Vito Böttcher Neigaard
Advokatstuderende (stud.jur.)
Pia Bidstrup
Chief accountant
Laura Vrbovci Damgaard
Advokatstuderende (stud.jur.)
Mikail Özer
Advokatstuderende (stud.jur.)
Janni Føste Andersen
Advokatstuderende (stud.jur.)
Mogens Tougaard
Sales manager
Jonas Duedahl Kristiansen
Salgschef, Fyn og den sydlige del af Jylland
Dudal Webdesign