The Regulation 1725/2018 introduces a duty on all EU Institutions and bodies to report certain types of personal data breach to the EDPS. They must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, they must also inform those individuals without undue delay. All EU institutions and bodies should ensure that they have the procedures that enable them to detect a breach, investigate, take the necessary corrective measures and report. They must keep a record of any personal data breaches, regardless of whether they are required to notify the EDPS.
EDPS and ENISA are co-organising the cyber exercise PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management. This initiative is organised in the framework of the EDPS 20th-anniversary activities and European Cybersecurity Month Campaign on 3 October 2024 from 08:45 to 16:00 in the EDPS premises.
Executive Summary of the Audit report on the Internal Market Information System (IMI) at the European Commission (DG GROW)
New Year? New Newsletter edition! In issue #99, find out more about our top consultations and complaints dealt with in 2022, our activities to mark data protection day. As well as our latest Opinions, including one that may have an impact on your holidays, and one concerning your instant payments! This issue is also part of our podcast series, the Newsletter Digest.
In newsletter #97, learn about and sign up to our upcoming Supervision Conference. Read up on our latest audit on three of the EU's large IT systems, our Formal Comments on Smart Meters, our latest Supervisory Opinion, and more!