PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling

EDPS, the European Data Protection Supervisor, and ENISA, the EU Agency for Cybersecurity, are co-organising the cyber exercise PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management. This initiative is organised in the framework of the EDPS 20th-anniversary activities and European Cybersecurity Month Campaign - ECSM, on 3 October 2024 from 08:45 to 16:00 in the EDPS premises.

When: 3rd October 2024 from 08:45 to 16:00.

Where: EDPS premises, rue Montoyer 30, Brussels

The aim is to raise awareness about personal data breaches and foster collaborations among EU institutions (EUIs) staff, including IT personnel, Data Protection Officers (DPOs) and Security Officers, to ensure proper mitigation of risks to the data subjects. Through simulation of real-life cybersecurity incidents on a table-top exercise and sharing knowledge and best practices, participants will be able to improve the management of personal data breaches. This first pilot iteration is a closed event involving six teams of EUIs.

In accordance with Articles 34 and 35 of the EUDPR, the legal framework applicable to the processing of personal data by EU Institutions, all EUIs are legally obliged to notify the EDPS whenever a security incident involving personal data results in a risk to individuals' rights and freedoms. Furthermore, they need to inform the data subjects in case of high risks.

In an environment where the number of cybersecurity incidents in the EU is on the rise and greatly affects the processing of personal data, the PATRICIA exercise is a key component of the awareness campaign on personal data breaches directed to EUIs organised by the EDPS in 2024 as part of its 20th-anniversary activities. It is also part of the European Cybersecurity Month Campaign - ECSM, EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations.