European Data Protection Supervisor
European Data Protection Supervisor

Data Breach

Data Breach

The Regulation 1725/2018 introduces a duty on all EU Institutions and bodies to report certain types of personal data breach to the EDPS. They must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, they must also inform those individuals without undue delay. All EU institutions and bodies should ensure that they have the procedures that enable them  to detect a  breach, investigate, take the necessary corrective measures and report. They must keep a record of any personal data breaches, regardless of whether they are required to notify the EDPS.

Filters

11/03/2019
11
Mar
2019

EDPS-ENISA Conference: Towards accessing the risk in personal data breaches

The European Data Protection Supervisor and ENISA organize a conference in Brussels on the 4th of April 2019 in personal data breach notification.

The conference aims to address the aspect of assessing the risk of personal data breaches under the General Data Protection Regulation (GDPR) - (EU) 2016/679 and the Regulation (EU) 2018/1725 for the processing of personal data by EU Institutions and bodies. 

07/12/2018
7
Dec
2018

Guidelines on Personal Data Breach Notification

EDPS guidelines on personal data breach notification for the European Union Institutions and Bodies.

07/12/2018
7
Dec
2018

Data Breach Webform User Guide

User guide for compiling the web form on personal data breach notification.