On October 3rd 2017, the EU’s Article 29 Working Party (WP29) adopted its draft of the ‘Guidelines on Personal data breach notification under General Data Protection Regulation’. Even though the document is still open for comments by stakeholders until November 28th, this article takes a preliminary look at the guidelines’ main takeaways and recalls the data breach obligations arising from other instruments that payment, communication and internet service providers might also have to comply with.
Read these guidelines to learn more about:
• When a data breach notification is needed (and not)
• What are the duties of a data controller
• Keeping a record of data breaches
• What happens in case of compliance failure
• Data breach obligations under other legal instruments.
The paper ‘How to tackle data breaches notifications under GDPR’ is available here.