Law firm Pinsent Masons has confirmed its objections to the latest change by the European Data Protection Board (EDPB) to remove the one-stop shop reporting mechanism contained in its new draft data breach notification guidelines. The changes would particularly impact businesses not established in the EU and would mean data breaches can no longer only be notified to the lead supervisory authority (SA) in the EU member state where the controller's representative is established. The new guidelines state that the "mere presence of a representative in a member state does not trigger the one-stop-shop system." Consequently, a breach of the regulations would need to be notified to every SA where affected data subjects reside. Pinsent Masons Partner David McIlwaine said: "It is already very challenging for multinational businesses who suffer a data breach to manage their breach notification duties, as typically a variety of supervisory authorities need to be notified – both national and industry specific regulators. The proposed amendments will add a significant burden on the entity to notify all national data protection authorities where data subjects reside – no matter how few – and all within the stipulated timescales within article 33."
Last week an article for the IAPP cautioned against the EDPB's proposed update to its Guidelines on Personal Data Breach Notification.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,350 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.