Print

Data Breach

The Regulation 1725/2018 introduces a duty on all EU Institutions and bodies to report certain types of personal data breach to the EDPS. They must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, they must also inform those individuals without undue delay. All EU institutions and bodies should ensure that they have the procedures that enable them  to detect a  breach, investigate, take the necessary corrective measures and report. They must keep a record of any personal data breaches, regardless of whether they are required to notify the EDPS.

 

Filters

30
Jun
2021

Newsletter (87)

In newsletter #87, catch up on the latest EDPB - EDPS Joint Opinion on Artificial Intelligence; find out how you can learn more about data protection with the EDPS' new online training programme; read the EDPS' curated Case Law Digest on international transfers of personal data; and much more! 

6
May
2021

Personal Data Breaches in a Nutshell

 

Image of the coverpage of the fachsheet

All EU institutions, offices, bodies and agencies process personal data to recruit staff, pay salaries or negotiate service contracts, for example. If this personal data is lost, stolen or obtained accidently or deliberately, it is a personal data breach. What can you do if a personal data breach occurs? When should the breach be communicated to individuals? This factsheet will help you deepen your knowledge on personal data breaches.

Available languages: German, English, French
Topics
19
Apr
2021

Annual Report 2020

The year 2020 was unique for the world and, by extension, for the European Data Protection Supervisor (EDPS). Like many other organisations, the EDPS had to adapt its working methods as an employer, but also its work since the COVID-19 health crisis strengthened the call for the protection of individuals' privacy. 

This Annual Report provides an insight into all EDPS activities in 2020. 

The Executive Summary of the EDPS Annual Report 2020 will be made available in all official languages of the EU in due course. 

HTML Version: EN

Full text of Annual Report (PDF)
Available languages: English
Summary (PDF)
Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Irish, Croatian, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
11
Mar
2019

EDPS-ENISA Conference: Towards accessing the risk in personal data breaches

The European Data Protection Supervisor and ENISA organize a conference in Brussels on the 4th of April 2019 in personal data breach notification.

The conference aims to address the aspect of assessing the risk of personal data breaches under the General Data Protection Regulation (GDPR) - (EU) 2016/679 and the Regulation (EU) 2018/1725 for the processing of personal data by EU Institutions and bodies. 

For more information and registration please follow this link.

Topics