Evaluating the WP29's recent guidance on data breaches

With the implementation date for the General Data Protection Regulation (‘GDPR’) fast approaching and bringing with it the most significant shift in the data protection and privacy landscape in recent years, the Article 29 Working Party published guidance on 3 October 2017, entitled ‘Guidelines on Personal data breach notification under Regulation 2016/79’. In this article Richard Jeens and Mohan Rao analyse this recently published guidance, which is intended to provide clarity on the boundaries and expectations of handling a data breach notification under the GDPR. This article analyses the guidance in relation to the possible types of data breach and their notification requirements.

A version of this article first appeared in the November 2017 edition of Cyber Security Practitioner.