Stay up to date with the latest developments in data protection regulations. The European Data Protection Board (EDPB) has recently released updated Guidelines (Version 2.0) on personal data breach notification under GDPR. These Guidelines, adopted on March 28, 2023, provide valuable insights into mandatory breach notification and communication requirements outlined in Article 33 and Article 34 of the GDPR.
Learn how to navigate the complexities of breach notification and discover which authorities need to be notified in different scenarios. The Guidelines offer practical examples of various breach types, helping you ensure compliance and effective communication.
Notable amendments have been made in Version 2.0, including an important change in the interpretation of Article 73. Understand how the presence of a representative designated by the controller or processor no longer triggers the one-stop-shop mechanism. Instead, notification must be made to each supervisory authority in the Member State where affected data subjects reside, putting the responsibility on the controller.
Furthermore, the EDPB clarifies the role of representatives in the EU, highlighting their incompatibility with external data protection officers. Only when explicitly stated in their mandate can representatives be involved in the data breach notification process. Familiarize yourself with these distinctions to ensure proper compliance and adherence to the Guidelines.
The adoption of this new version of the Guidelines represents a significant step towards achieving effective data protection regulation. Explore its implications and stay ahead of the evolving landscape of data protection practices.
You can read the full text of the Guidelines here.