A requirement for controllers to notify supervisory authorities (SA) and individuals about personal data breaches (Articles 33 and 34 of GDPR) is a new addition to the EU data protection framework. This requirement has joined the extensive list of attempts to secure (individuals’) data. The understanding of this requirement has been shaped by pragmatic business perspective (i.e., how to get this requirement right and optimise your resources during this process) and more recently by SA enforcement actions. In view of the latter during the event, we will discuss what data breaches and their notifications to SAs and individuals have revealed about the GDPR.
In particular, the participants will elaborate on the following questions:
How do notification requirements concerning data personal data breaches interact with data protection principles (Article 5 of GDPR) and other GDPR provisions?
What are the approaches to determine whether a personal data breach is ‘likely to result in a high risk to the rights and freedoms of natural persons’?
What actions do supervisory authorities take in response to personal data breach notifications?
For more information and registration, see here.