On January 18, 2024, the European Data Protection Board published a thematic one-stop-shop (“OSS”) case digest titled, “Security of Processing and Data Breach Notification” (the “Digest”). The Digest analyzes a selection of decisions adopted by EU data protection authorities on data security and data breaches.
The Digest addresses topics including the appropriateness of technical and organizational data security measures used by organizations, the causes of personal data breaches (e.g., malicious attacks by external entities, insufficient company practices and systems, human error), and data breach notification to data protection authorities and impacted data subjects.