
EU: EDPB announces public consultation on guidelines on data breach notification examples

The European Data Protection Board ('EDPB') announced, on 18 January 2021, that it will launch a public consultation on its Guidelines 01/2021 on Examples regarding Data Breach Notification. In particular, the guidelines note that, since the EDPB's Guidelines on Personal Data Breach Notification under Regulation 2016/679 did not address all practical issues in sufficient detail, the need has arisen for practice-oriented, case-based guidance that utilises the experience gained by supervisory authorities since the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') entered into force. In addition, the guidelines aim to help data controllers decide how to handle data breaches and what factors to consider during risk assessment. Moreover, the guidelines address, among other things, examples in relation to ransomware, data exfiltration attacks, internal human risk sources, lost or stolen devices and paper documents, mispostal, and other cases such as social engineering.

Comments should be sent from 18 January 2021 until 2 March 2021 at the latest.

You can read the consultation page here and the guidelines here.