Many supervisory authorities across Europe have reported increasing numbers of data breach notifications since the introduction of GDPR. While most companies are now familiar with the 72-hour reporting obligation for controllers to supervisory authorities, whether such obligation has been triggered continues to present unique and complex questions in each specific security event. To help aid companies sorting through these potential legal notification obligations in the aftermath of a security event, the EDPB recently released draft guidance, which is open for comment until 2 March 2021.
Continue Reading Companies Have Until March to Comment on EDPB Data Breach Notification Guidelines