EU: Insurance Europe highlights need to bring EDPB data breach guidelines in line with GDPR risk-based approach
Insurance Europe published, on 2 March 2021, its response to the European Data Protection Board ('EDPB') public consultation on draft guidelines regarding data breach notifications. In particular, Insurance Europe noted that the data breach guidelines require a full revision to account for the risk-based approach present in the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). More specifically, Insurance Europe highlighted that, with respect to accidental disclosure of insurance documents, the EDPB had suggested that the data controller must communicate with the data subject regardless of whether the risk of misuse of private information contained in said documents is low. Insurance Europe further considered that the data breach guidelines are not in line with the risk-based approach of the GDPR, and noted that breaches that involve a limited number of non-sensitive personal data should generally be treated as low risk by businesses.