A Practical Look at the GDPR’s Data Breach Notification Provision

The E.U. General Data Protection Regulation introduced specific breach notification obligations for data controllers and processors. To help covered entities better understand when notification is required and what processes they should have in place to meet their obligations, the Article 29 Working Party issued Guidelines on Personal Data Breach Notification at the end of 2017. In this article, with advice and perspective from a former Special Agent with the FBI’s Cyber Division and current head of Nardello & Co.’s digital investigations and cybersecurity practice, we covered key concepts of the WP29 guidance, processes organizations should have in place to comply with the GDPR’s breach notification provisions, and strategies to balance global notification requirements. We also looked at the GDPR’s overall effectiveness in addressing cyber risk. See also “Five Months Until GDPR Enforcement: Addressing Tricky Questions and Answers” (Dec. 20, 2017).
