
Written by Nymity
on November 30, 2017

Throughout the EU, member states are producing and updating their individual data security policies to align with the GDPR. One of the most important facets of any data privacy infrastructure is the breach response policy. While building the appropriate technical and organisational measures into your daily operations will help prevent breaches from occurring, in the event of an investigation, the DPA will require evidence of compliance. It stands to reason, therefore, that data breach is at the forefront of the minds of many organisations preparing to address GDPR compliance this spring. Today, we will detail some of the top trending breach References from within Nymity Research™.


New German Law Limits Controller Notice, Access and Breach Notification Obligations
Germany’s new Federal Data Protection Act provides exemptions from compliance with individuals’ privacy rights under the GDPR. Germany is the first EU member to pass a GDPR implementation statute, cementing the country’s reputation as one of the most serious privacy jurisdictions in the EU. The statute will affect breach response in the following manner:


Slovenia Requests Comments on Data Protection Bill
The Slovenian Ministry of Justice issued a draft Personal Data Protection Act implementing the GDPR. Within the Act, breach response considerations pertain mainly to breach notification. The Act specifies that personal data breaches must be reported to:


DPA Romania Issues Guidance for Organisations
The Data Protection Authority of Romania has issued guidance for organisations regarding compliance with the GDPR. In particular, the guidelines specify that in the event of a breach, the DPA must be notified within 72 hours, and affected individuals must be notified without undue delay. Further specifics from the guidelines may be reviewed here: https://nymitytools.nymity.com/Public/Reference.aspx?p=cbV8KYrlj7cegcEC_z2qDC0CgSsaqTiSdydUhp6dZU5r4t9ifOTBqEBQ_P2sKyBpk8YKF6jR40qRikKccbxV3w


Czech DPA Outlines New Obligations
The Czech DPA has also released specific guidance on compliance efforts for the GDPR. Where breach response is concerned, the guidelines specify that personal data breaches must be reported to the DPA without undue delay (but within 72 hours of becoming aware), and to affected individuals where there is high risk to their rights and freedoms. This notification should include the nature of the breach, the measures taken, probable consequences, and contact details of the DPO. In determining the risk of a breach, controllers should consider:

  • Categories of the personal data breached
  • Nature of the breach
  • Number of data subjects concerned
  • Intentionality of the breach

Breaches do not need to be reported if they are considered unlikely to result in a risk to an individual’s rights and freedoms (for example, where pseudonyms and encryption have been employed). Processors are required to report breaches to the controller. Full details on the guidelines can be found at: https://nymitytools.nymity.com/Public/Reference.aspx?p=EgIZWRwdFr1BomjyUzItnDvpgkhTWEk9IsxXCY9SFEdEmfiYtCn4mCMGa28ud7bHk8YKF6jR40qRikKccbxV3w


Stay Up-to-Date on the Latest News in Data Breach Policy
Nymity Research™ provides users with the ability to stay abreast of all current developments in the ever-changing privacy and data protection compliance landscape. It features sophisticated daily custom alerting technology and advanced custom push reporting functionality. Each Reference is organised into easy-to-read bullet points, streamlining your research process by highlighting the main takeaways. The stories we’ve discussed today were all pulled from the Quarterly Reference Report entitled, “Top 10 References in European Union Regarding Business Activities: Breach”.

Curious to learn more about how Nymity Research™ can improve your organisation’s privacy measures? Sign up for a free trial today 
