This week, FEDMA submitted its contribution to the EDPB’s targeted consultation on the Guidelines 9/2022 on personal data breach notification under GDPR.
Compared to other consultations from the EDPB, this call for feedback addresses a minor update to the guidelines, aiming to clarify the situation for controllers and processors which are not established in the EU.
Specifically, the additional draft paragraph provides that in case of a personal data breach, a non-EU organisation will need to notify “every single authority for which affected data subjects reside in their Member State”, regardless of the “mere presence of a representative in a Member State”.
In its feedback to the EDPB, FEDMA pointed out that the proposed update would result in strengthening existing hurdles that companies face when notifying personal data breaches, including:
Read FEDMA’s full contribution here.
To discuss FEDMA Membership, please contact rdewouters@fedma.org or book an introductory call via Microsoft Bookings.
DO NOT MISS OUR NEWS