Data Breach Response: Latest News from the European Union

Written by Nymity
on November 30, 2017

Throughout the EU, member states are producing and updating their individual data security policies to align with the GDPR. One of the most important facets of any data privacy infrastructure is the breach response policy. While building the appropriate technical and organisational measures into your daily operations will help prevent breaches from occurring, in the event of an investigation, the DPA will require evidence of compliance.

It stands to reason, therefore, that data breach is at the forefront of the minds of many organisations preparing to address GDPR compliance this spring. Today, we will detail some of the top trending breach References from within Nymity Research™.

New German Law Limits Controller Notice, Access and Breach Notification Obligations
Germany’s new Federal Data Protection Act provides exemptions from compliance with individuals’ privacy rights under the GDPR. Germany is the first EU member to pass a GDPR implementation statute, cementing the country’s reputation as one of the most serious privacy jurisdictions in the EU. The statute will affect breach response in the following manner:

Slovenia Requests Comments on Data Protection Bill
The Slovenian Ministry of Justice issued a draft Personal Data Protection Act implementing the GDPR. Within the Act, breach response considerations pertain mainly to breach notification. The Act specifies that personal data breaches must be reported to:

DPA Romania Issues Guidance for Organisations
The Data Protection Authority of Romania has issued guidance for organisations regarding compliance with the GDPR. In particular, the guidelines specify that in the event of a breach, the DPA must be notified within 72 hours, and affected individuals must be notified without undue delay. Further specifics from the guidelines may be reviewed here:

Czech DPA Outlines New Obligations
The Czech DPA has also released specific guidance on compliance efforts for the GDPR. Where breach response is concerned, the guidelines specify that personal data breaches must be reported to the DPA without undue delay (but within 72 hours of becoming aware), and to affected individuals where there is high risk to their rights and freedoms. This notification should include the nature of the breach, the measures taken, probable consequences, and contact details of the DPO. In determining the risk of a breach, controllers should consider:

  • Categories of the personal data breached
  • Nature of the breach
  • Number of data subjects concerned
  • Intentionality of the breach

Breaches do not need to be reported if they are considered unlikely to result in a risk to an individual’s rights and freedoms (for example, where pseudonyms and encryption have been employed). Processors are required to report breaches to the controller. Full details on the guidelines can be found at:

Stay Up-to-Date on the Latest News in Data Breach Policy
Nymity Research™ provides users with the ability to stay abreast of all current developments in the ever-changing privacy and data protection compliance landscape. It features sophisticated daily custom alerting technology and advanced custom push reporting functionality. Each Reference is organised into easy-to-read bullet points, streamlining your research process by highlighting the main takeaways. The stories we’ve discussed today were all pulled from the Quarterly Reference Report entitled, “Top 10 References in European Union Regarding Business Activities: Breach”.

Curious to learn more about how Nymity Research™ can improve your organisation’s privacy measures? Sign up for a free trial today
