EDPB adopts Guidelines on examples regarding data breach notification

  • 26/01/2021
  • Articles

On 18 January 2020, the European Data Protection Board (EDPB) published new guidance on how to handle data breaches in the form of “Examples regarding Data Breach Notification” (Guidelines 01/2021 on Examples regarding Data Breach Notification – the Guidelines). The Guidelines discuss 18 examples of data breaches, explaining in each case whether the breach must be notified to supervisory authorities and/or to the data subjects concerned. In addition, the Guidelines contain useful recommendations on preventive measures and solutions to mitigate the impact of data breaches.  

The Guidelines follow earlier general guidance on the topic from the Article 29 Working Party (WP29). The Guidelines complement the WP29 guidance and provide more practical advice based on the common experiences of the national supervisory authorities of the EEA countries since the GDPR entered into force. 

Please click below to read our note on the new guidelines published by the EDPB.

Related insights

    • 19/02/2021
    • Articles

    European Commission | Assessment of Member State Rules on Health Data in Light of GDPR

    On 12 February 2021, the European Commission’s DG Health and Food Safety published an assessment of the EU Member State rules governing health data in the light of the General Data Protection Regulation (EU) 2016/679 (GDPR). The study’s objective was to examine possible differences between Member States and identify elements that might affect the cross-border exchange of health data in the EU for the purposes of healthcare, research, innovation and policy-making. The European Commission concluded that the existing fragmented approach of national rules governing health data between Member States hampers cross-border co-operation in the provision of healthcare, the administration of healthcare systems and research carried out so as to further public health objectives. The study discusses the use of health data for primary purposes (patient care), for secondary use in public health and for scientific or historical purposes. For each of these uses, the study analyses the legal bases for processing the data under the GDPR and inquires whether local legislation provides for alternatives to the use of consent as a legal basis. In response to the challenges identified, the study suggests actions at EU level to support the European Health Data Space and ensure the best possible use of health data. Furthermore, the study shows that co-operation between the EU Member States is crucial as it should draw on the work of national data protection authorities that come together as the European Data Protection Board, as well as on the numerous national and EU level bodies. Please click on the link below for a short article on the Commission’s assessment.

    • 12/02/2021
    • Newsletters

    VBB on Belgian Business Law, Volume 2021, No. 1

    The January 2021 issue of our Belgian Business Law newsletter reports on the latest developments in a range of areas, including competition, data protection, intellectual property and labour law.

    • 10/02/2021
    • News

    'Pink Boxes' for Parents-to-be Fined by Belgian DPA

    The Belgian Data Protection Authority imposed a fine of EUR 50,000 on the marketing company Family Service, which distributes “pink boxes” (well known to mothers and fathers-to-be in Belgium), for various breaches of the GDPR. Not only did the company rent out and/or sell the data of more than one million customers, including the data of children, for commercial purposes without informing its customers in a clear and comprehensible manner, it also transferred these personal data to its business partner without obtaining freely given, specific and informed consent. The Data Protection Authority considers the decision to be a warning to data brokers that rent or sell personal data under similar business models without proper compliance with the GDPR.
