The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries) and to the individuals themselves. One example discussed

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance includes how to respond to a

Given the circumstances of most ransomware attacks, likely yes.

The EDPB issued practical guidance on various types of data breaches, giving top billing to ransomware attacks. Given the recent increase in ransomware attacks likely due to the sudden shift to remote work in response to COVID-19, the EDPB’s guidance focuses extensively on ransomware attacks. In

When the GDPR took effect in 2018, it required notification within 72 hours to supervisory authorities in the EU of a data breach likely to result in a risk to the rights and freedoms of individuals, and subsequent notification to the individuals themselves if the breach could give rise to such a “high” risk. Unlike