EDPS comments on the model for working arrangements to be concluded by the European Border and Coast Guard Agency with the authorities of third countries.
The Regulation 1725/2018 introduces a duty on all EU Institutions and bodies to report certain types of personal data breach to the EDPS. They must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, they must also inform those individuals without undue delay. All EU institutions and bodies should ensure that they have the procedures that enable them to detect a breach, investigate, take the necessary corrective measures and report. They must keep a record of any personal data breaches, regardless of whether they are required to notify the EDPS.
The European Data Protection Supervisor and ENISA organize a conference in Brussels on the 4th of April 2019 in personal data breach notification.
The conference aims to address the aspect of assessing the risk of personal data breaches under the General Data Protection Regulation (GDPR) - (EU) 2016/679 and the Regulation (EU) 2018/1725 for the processing of personal data by EU Institutions and bodies.
For more information and registration please follow this link.
EDPS guidelines on personal data breach notification for the European Union Institutions and Bodies.