International Regulatory Strategy Group
Published 10 Mar 2021
The IRSG welcomes the opportunity to share this short technical response, following the European Data Protection Board (EDPB) publication of guidelines on Examples regarding Data Breach Notification.
Overall, the IRSG welcomes the new Guidance. It is practice-orientated, case-based guidance that shares the experience regulatory authorities have gained from applying the GDPR. It is helpful to see a regulatory approach to real-life case examples. As we continue globally to fight the pandemic and move to vaccination roll-outs, which bring new considerations for employers hoping to support their staff and work in alignment with government programmes, and which hopefully support a safe reduction/removal of current economic restrictions, it is helpful to see pragmatic support from regulators for applying a fair and proportionate risk-based approach to data breach assessments. However, there are a couple of areas where IRSG Members would welcome refinement/re-assessment, which are further explained in the paper.