Skip to main content

Brussels Privacy Hub Doctoral seminar with Lina Jasmontaite on 'Making data breaches transparent: Protecting personal data through novel duties of notification'

Location: Online
Add to personal calendar

The Brussels Privacy Hub (BPH) is organising a Doctoral Seminar series to give the opportunity to Ph.D. candidates working on privacy and data protection topics at the Law, Science, Technology and Society (LSTS) to present and discuss their work in progress. The aim of the series is to offer Ph.D. students at all research stages a training ground to refine and practice debating their scientific work, and to receive qualified feedback and questions from their peers and privacy and data protection experts. To this aim, each seminar will include a short presentation by the Ph.D. candidate, followed by an open discussion session with the audience. Seminars are also open to external participants. Find more information here.

On 17 May 2021, Lina Jasmontaite will present her PhD research on 'Making data breaches transparent: Protecting personal data through novel duties of notification'.



A requirement for controllers to notify supervisory authorities and individuals about personal data breaches (Articles 33 and 34 of GDPR) is also a new addition to the EU data protection framework. This requirement has been long anticipated, and it has joined the extensive list of attempts by business and legislature to secure (individuals’) data. The current understanding of this requirement is rather narrow and limited to often pragmatic business perspective (i.e., how to get this requirement right and optimise your resources during this process). For example, the literature has mostly addressed practical challenges of such notifications and suggested ways to prepare for such situations. Also, due to the fact that this obligation follows the number of security obligations for controllers and processors in the second section of the fourth chapter of the GDPR, the literature and practitioners regard this requirement as an extension of the security requirements stemming from Articles 32 and 5.1(f) of GDPR.

I am inclined to believe that a comprehensive understanding of two personal data breach notifications is missing. To this end, in my dissertation I seek to understand the role that the legislator has envisioned for personal data breach notifications. I pursue this objective by examining the interaction of the mechanism of a personal data breach notification with the core GDPR principles and other provisions.

During the upcoming doctoral seminar, I am going to provide an overview of my research methodology and framework. I will also elaborate on the concept of a personal data breach.


The link to the event will be sent out in due time to the LSTS mailing list. Interested participants wishing to take part, who are not on that mailing list, can register by sending an email to