European Data Protection Digest

The Future of Dealing With Data Breaches

PRIVACY LAW—EU

September 12, 2013

The Lawyer reports on the European Commission’s draft data protection regulation and the mandatory reporting of data security breaches. “Organisations would have to inform the relevant data protection authority (DPA) of a breach ‘without undue delay and, where feasible, not later than 24 hours of becoming aware of it,’” the report states, highlighting key provisions in the draft. “Most obviously, in the current draft there are no exceptions to the requirement to notify data security breaches to DPAs. This means that every security breach, no matter how insignificant, will, in theory, have to be reported,” the report states. (Registration may be required to access this story.) Editor's Note: Laura Vivet Tañà, CIPP/US, CIPP/E, examines the EU data breach notification rule in a recent feature for The Privacy Advisor.
Full Story