EDPB launches public consultation on guidelines on data breach notification examples

26.01.2021

On 18 January 2021, the EDPB announced it has adopted for public consultation guidelines on examples regarding data breach notification.

These guidelines aim at complementing the Guidelines on personal data breach notification (wp250rev.01) by providing, among others:

an inventory of data breach notification cases deemed most common by the national supervisory authorities, such as ransomware attacks, data exfiltration attacks and lost or stolen devices, and paper documents;
good and bad practices, as well as guidelines on how controllers should identify and assess the risks, including the factors for which greater attention is recommended.

The guidelines will be submitted for public consultation for a period of six weeks as of 18 January 2021.

The consultation page is available here, and the guidelines here.

-                                        Number of fines
-                                        Highest fine
+,000 €
-                                        Lowest fine
+€
-                                        Total amount of fines
+,000 €
-                                        Number of corrective measures
-                                        Number of fines triggered by data breach notifications
-                                        Number of fines triggered by complaints
-                                        Legal provisions mentioned in press releases
+                                        Article 24 (1), Article 32 (1) b), d), (2) of GDPR, Article 18 (2) of Law 102/2005