WP29 Publishes New Guidelines on Personal Data Breach Notification Under the GDPR

The GDPR expands the range of obligations that controllers must comply with when processing personal data. Amongst those is the obligation to notify supervisory authorities and individuals of personal data breaches, depending on the likelihood and severity of risks (Articles 33 and 34).

This week the WP29 released its proposed guidelines on this new personal data breach notification obligation. These guidelines are designed to help organisations better understand when a notification is required and what processes they need to have in place to adequately detect and address a breach. Some of the main elements of the WP29 guidelines include the following:

The proposed guidelines are open for consultation until 28 November 2017.

Later this week, OneTrust will publish a white paper further detailing the content of these proposed guidelines and what they mean, in practice, for organisations.

How OneTrust Helps

OneTrust provides Data Incident and Breach Notification Management tools to assist organisations in meeting their obligations under Articles 33 and 34 of the General Data Protection Regulation (GDPR). These tools allow organisations to maintain incident and breach records, evaluate against notification requirements, and analyse overall risks with connections to the underlying data inventory.