On January 18, 2021, the European Data Protection Board (EDPB), comprised of all national supervisory authorities (SAs) of the European Union, published draft guidelines for data breach notification1 (the Guidelines).
The Guidelines provide useful insight into how regulators apply the General Data Protection Regulation (GDPR) personal data breach notifications rules. Specifically, they describe six common types of personal data breaches (i.e., ransomware, data exfiltration attacks, internal human risk, lost or stolen device and paper documents, misposted data, and social engineering attacks), and offer 18 case studies. Through these case studies, the EDPB seeks to clarify organizations’ notification and remediation obligations.
Continue Reading EDPB Publishes New Guidance for Data Breach Notification