The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The European Data Protection Board (“EDPB”) has recently released draft guidelines on personal data breach notification.   These new guidelines complement the previous and more general guidelines on the same subject that were issued by the EDPB, then the article 29 Working Party, in October 2017 (see here for more details) Although quite comprehensive, the previous guidelines lacked practical details in certain regards as they were drafted at a time where the authorities and organisations did not have much experience of personal data breach notification. More than two years later, the EDPB has decided to provide guidelines made up of practical examples taken from their experiences. The guidelines cover the most common/usual type of personal data breaches that organisations may encounter and provides its analysis including the measures to be ...
Read More

Other News

 

The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The EDPB Releases Draft Practical Guidelines on Personal Data Breach Notification

The European Data Protection Board (\"EDPB\") has recently released new draft guidelines on personal data breach notification.   These new guidelines complement the previous and more general guidelines on the same subject that were issued by the EDPB, then the article 29 Working Party, in October ...
E-Privacy: The EU Council agrees on a draft regulation

E-Privacy: The EU Council agrees on a draft regulation

On February 10, 2021,  member states agreed on a negotiating mandate for revised rules on the protection of privacy and confidentiality in the use of electronic communications services (e-privacy regulation). These updated ‘ePrivacy’ regulation will specify when service providers are ...
Brexit: The GDPR Applies Until July 2021 Except For The One-Stop-Shop Mechanism

Brexit: The GDPR Applies Until July 2021 Except For The One-Stop-Shop Mechanism

As part of the Trade and Cooperation Agreement concluded on 24 December 2020 between the European Union and the United Kingdom, it has been agreed that the GDPR will remain applicable in the United Kingdom for a maximum period of ...
FR – Cookies : The CNIL Issues Two Record Fines of €100M and €35M Against Google and Amazon

FR – Cookies : The CNIL Issues Two Record Fines of €100M and €35M Against Google and Amazon

On December 7, 2020, the CNIL (the French data protetion authority) pronounced two record sanctions of €100 million against GOOGLE LLC and GOOGLE IRELAND LIMITED (€60 and €40 million respectively), and €35 million against AMAZON EUROPE CORE for non-compliance with ...
Schrems II: The EDPB Released Recommandations While The Commissions Drafted New Sets Of SCCs

Schrems II: The EDPB Released Recommandations While The Commissions Drafted New Sets Of SCCs

During its 40th and 41st plenary sessions that took place in November, the European data protection board (EDBP) adopted the following recommendations:  – Recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal ...
The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

By Decision of 11 November 2020 (C-61/19), the Court of Justice of the European Union (CJEU) specified the conditions applicable to obtain a GDPR compliant consent.  Indeed, the Court ruled that the data subjects\' consent to the processing of their personal data was not valid in the following ...