Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine their internal processes and procedures in order to ensure compliance with the new requirements before its entry into force in May 2018. In this eighth article, we will detail the new data breach notification obligations introduced by the GDPR and provide guidelines on how to implement appropriate processes internally in order to comply with this requirement.
Current framework
Under the current EU legislative framework, there is no general obligation for controllers to report personal data breaches either to the data protection authority (DPA) or to data subjects. A sector specific requirement to notify breaches to...