On 18 January 2021, the EDPB announced it has adopted for public consultation guidelines on examples regarding data breach notification.
These guidelines aim at complementing the Guidelines on personal data breach notification (wp250rev.01) by providing, among others:
- an inventory of data breach notification cases deemed most common by the national supervisory authorities, such as ransomware attacks, data exfiltration attacks and lost or stolen devices, and paper documents;
- good and bad practices, as well as guidelines on how controllers should identify and assess the risks, including the factors for which greater attention is recommended.
The guidelines will be submitted for public consultation for a period of six weeks as of 18 January 2021.
The consultation page is available here, and the guidelines here.