The EDPB has published a thematic one-stop-shop case digest on Security of Processing (Art. 32 GDPR) and Data Breach Notification (Art. 33 & 34 GDPR).
Since the entry into force of the GDPR, data protection authorities (DPAs) have closely cooperated to adopt a growing number of one-stop-shop decisions on data security and data breaches.
The case digest offers valuable insights on how DPAs have interpreted and applied GDPR provisions in diverse scenarios, such as hacking, ransomware, or accidental data disclosure.
Case handlers working within DPAs now have a rich pool of analyses of security incidents, along with the corresponding security measures found to be appropriate or not in the specific context.
The summary and analysis of these decisions are useful for organisations (both controllers and processors) when assessing whether their security measures are appropriate, both before and following a data breach.
This is the second instalment of the EDPB’s case digests, which look at a selection of one-stop-shop decisions taken from the EDPB’s public register. The one-stop-shop case digest are produced within the framework of the EDPB Support Pool of Experts, a strategic initiative that helps DPAs increase their capacity to supervise and enforce.