Filtered (164)
Filters
Search
Type
Country
Categories
Show (164)
Cancel
Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Accountability Toolkit Tracker

Accountability

Personal Data Breach Management and Reporting Toolkit Tracker – more information about the Toolkit by UK ICO

Data Breaches

Accountability Toolkit Tracker – more information about the Toolkit by UK ICO

Accountability

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda Socio-sanitaria Territoriale Rhodense (5/23/2024)

Accuracy, Data Subjects Rights

Italian Data Protection Authority (Garante)-Eni Plenitude S.p.A. (6/6/2024)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A. (6/12/2024)

Accuracy, Principles

Spanish Data Protection Authority (aepd)-PILLOW HOTELS, S.L. (5/30/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-Olimpia S.r.l. (4/11/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Facile.Energy S.r.l. (4/11/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Spanish Data Protection Authority (aepd)-VODAFONE ESPAÑA, S.A.U. (4/5/2024)

Accuracy, Principles

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Municipality of Modica (7/18/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Italian Data Protection Authority (Garante)-Azienda Trasporto Passeggeri Emilia-Romagna S.p.A. (2/22/2024)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Cypriot Data Protection Commissioner-Bank of Cyprus Public Company Ltd. (7/15/1905)

Accuracy, Principles

Polish National Personal Data Protection Office (UODO)-Unknown (1/18/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ENDESA ENERGÍA, S.A.U. (10/25/2023)

Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Owners’ association (2/5/2024)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-Oney Servicios Financieros E.F.C. (10/23/2023)

Accuracy, Principles

Italian Data Protection Authority (Garante)-Limit Call S.r.l.s. (11/30/2023)

Accountability, Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Link4 Towarzystwo Ubezpieczeń S. A. (10/8/2023)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Università Telematica E-Campus (7/18/2023)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Mednow Medical Center di Giugni Marco (8/31/2023)

Accuracy, Data Subjects Rights, Principles, Sensitive Data

Croatian Data Protection Authority (azop)-Debt collection company (10/5/2023)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Italian Data Protection Authority (Garante)-Axpo Italia Spa (9/28/2023)

Accountability, Controllers and Processors, Lawfulness of Processing, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Italian Data Protection Authority (Garante)-Website operator (5/17/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Green Network S.p.A. (4/14/2023)

Accountability, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Sorgenia S.p.a. (4/14/2023)

Accountability, Principles, Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-BRD-Groupe Société Générale S.A. (6/15/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-TIM S.p.A. (4/13/2023)

Accountability, Data Subjects Rights, Principles, Representative

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Political party (4/22/2022)

Accountability, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Bremen-Company (7/14/1905)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Argon Medical Devices (3/8/2023)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Tehnoplus Industry SRL (3/23/2023)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Mister Brick S.a.s. (8/5/2022)

Access Requests (DSAR), Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Italian Data Protection Authority (Garante)-Douglas Italia S.p.a. (10/20/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Belgian Data Protection Authority (APD)-Company (8/23/2022)

Accuracy, Controllers and Processors, Principles, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sachsen-Anhalt-Magdeburg University Hospital (7/15/1905)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dent Estet Clinic SA (1/31/2023)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Areti spa (11/24/2022)

Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Colosseo S.r.l. (8/5/2022)

Access Requests (DSAR), Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Hellenic Data Protection Authority (HDPA)-School (9/9/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Italian Data Protection Authority (Garante)-Lazio Region (9/15/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Bank (10/5/2022)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Spanish Data Protection Authority (aepd)-BAYARD REVISTAS, S.A. (9/28/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (8/8/2022)

Accountability, Consent, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Raiffeisen Bank SA (9/9/2022)

Accuracy, Principles

Information Commissioner of Isle of Man-Manx Care Ltd (7/13/2022)

Accountability, Controllers and Processors, Data minimisation, Principles, Sensitive Data, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Policoro municipality (8/1/2022)

Accountability, Data Subjects Rights, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-University Hospital of the Medical University of Warsaw (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Asociația de Proprietari Aviației Park (6/20/2022)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. (6/6/2022)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-MAYR MELNHOF PACKAGING ROMANIA S.R.L. (5/17/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (3/2/2022)

Accountability, Controllers and Processors, Data Subjects Rights, Principles, Representative

Danish Data Protection Authority (Datatilsynet)-Danske Bank (4/5/2022)

Accountability, Principles

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S. A. (1/19/2022)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (3/15/2022)

Accountability, Data Subjects Rights, Principles

Italian Data Protection Authority (Garante)-Enel Energia S.p.A (12/16/2021)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Telekom Romania Communications SA (12/6/2021)

Access Requests (DSAR), Accountability, Accuracy, Data Subjects Rights, Principles, Sensitive Data

Deputy Data Protection Ombudsman-Psykoterapiakeskus Vastaamo (12/7/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Bank Millennium S.A (10/14/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

French Data Protection Authority (CNIL)-Régie autonome des transports parisiens (11/4/2021)

Accountability, Controllers and Processors, Data minimisation, Principles, Representative, Technical and Organisational Measures (TOMs)

National Commission for Data Protection (CNPD)-Insurance company (8/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Hellenic Data Protection Authority (HDPA)-NOW DOCTOR – Εταιρία Παροχής Ηλεκτρονικών Υπηρεσιών Αναζήτησης και Προβολής Ιατρών Ε.Π.Ε. (8/26/2021)

Accountability, Consent, Lawfulness of Processing, Principles, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Actamedica SRL (8/24/2021)

Controllers and Processors, Data Breaches, Data Processing Agreement (DPA), Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Website operator (4/20/2021)

Accountability, Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Magyar Telekom Nyrt. (6/18/2021)

Accuracy, Controllers and Processors, Data Subjects Rights, Principles, Representative

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hellenic Data Protection Authority (HDPA)-PURPLE SEA MΟΝΟΠΡΟΣΩΠΗ ΙΚΕ (6/3/2021)

Accountability, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-TNT EXPRESS WORLDWIDE SPAIN, S.L. (6/22/2021)

Accuracy, Principles

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Irish Credit Bureau DAC (3/23/2021)

Accountability, Data Subjects Rights, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-PVV Overijssel (6/16/2020)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Tip Top Food Industry S.R.L (4/15/2021)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-Booking.com B.V. (12/10/2020)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Enea S.A. (1/11/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Baden-Wuerttemberg-VfB Stuttgart 1893 AG (3/10/2021)

Accountability, Principles

Italian Data Protection Authority (Garante)-Regione Lazio (1/14/2021)

Accountability, Data Subjects Rights, Principles

Polish National Personal Data Protection Office (UODO)-Unknown (1/5/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-Iberdrola Clientes (2/3/2021)

Accuracy, Data Subjects Rights, Principles

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (11/18/2020)

Accuracy, Principles

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (1/4/2021)

Accuracy, Principles, Sensitive Data

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria, S.A. (12/21/2020)

Accuracy, Principles

Italian Data Protection Authority (Garante)-Università Campus Bio-medico di Roma (Polyclinic) (10/26/2020)

Accountability, Principles, Sensitive Data

Lithuanian Data Protection Authority (VDAI)-Vilnius City Municipality Administration (10/21/2020)

Accuracy, Controllers and Processors, Principles, Representative

Spanish Data Protection Authority (aepd)-Saunier-Tec Mantenimientos de Calor y Frio, SL. (7/2/2020)

Controllers and Processors, Data Breaches

Danish Data Protection Authority (Datatilsynet)-Lejre Municipality (6/30/2020)

Controllers and Processors, Data Breaches, Principles, Representative

Data Protection Authority of Ireland-Tusla Child and Family Agency (6/30/2020)

Controllers and Processors, Data Breaches

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/25/2019)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (Unknown)

Accuracy, Principles

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (Unknown)

Accuracy, Principles

Data Protection Authority of Hamburg-Unknown (7/10/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hungarian political party (4/5/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Payment service provider UAB MisterTango (5/16/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Bank (2/8/2019)

Accuracy, Principles

Guidelines on Securing AI Systems by The Cyber Security Agency of Singapore (CSA)

AI, Risk Management, Specific processing situations

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Cyber Threat Modelling for Risk Assessment by CSB

Risk Management, Technical and Organisational Measures (TOMs)

Chief Information Security Officer_ HANDBOOK

Risk Management

“AI & Algorithmic Risks Report” by Dutch Data Protection Authority

AI, Risk Management, Specific processing situations

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

NIST Special Publication NIST SP 800-221A_Information and Communications Technology (ICT) Risk Outcomes Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio

Risk Management

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

DRAFT RISK ASSESSMENT REGULATIONS FOR CALIFORNIA PRIVACY PROTECTION AGENCY

Risk Management

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

Data breach preparation and response by the Australian Information Commisioners

Controllers and Processors, Data Breaches

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Infographic DPC TikTok Fine

Fairness, Liability and Remedies, Principles, Supervisory Authorities

Decision of the Data Protection Commission made pursuant to Section 111 of the DPA, 2018 and Articles 60 and 65 of the GDPR

Fairness, Liability and Remedies, Principles, Supervisory Authorities

Case C-60/22

Accountability, Controllers and Processors, Joint Controllers, Principles

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Effective Cyber Risk Management: A best practice governance guide for digitally secure and resilient organisations by Governance Institute of Australia

Risk Management, Technical and Organisational Measures (TOMs)

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

Global Third Party Cybersecurity Breaches by SecurityScorecard

Controllers and Processors, Data Breaches

Artificial Intelligence and Algorithms in Risk Assessment by the European Labour Authority

Risk Management

Personal data breach report form

Controllers and Processors, Data Breaches

Generative Artificial Intelligence Risk Assessment by State of California Department of Technology

AI, Risk Management, Specific processing situations

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Guide to Accountability and Governance | UK ICO

Accountability

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Data Breaches

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

Rules of Procedure by EDPB on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security

Adequacy Decisions, Data Transfers, Risk Management

Artificial Intelligence Risk Management Framework by NIST: Generative Artificial Intelligence Profile

AI, Risk Management, Specific processing situations

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

A Guide to UK GDPR Principles | UK ICO

Accountability, Accuracy, Data minimisation, Integrity and confidentiality, Lawfulness of Processing, Principles, Purpose limitation, Storage limitation, Transparency

A Guide to Lawful Basis | UK ICO

Consent, Lawfulness of Processing, Legal Obligation, Legitimate Interest, Performance of Contract, Public Interests, Vital Interests

The EDPB data protection guide for small business

AI, Risk Management

Approach to Data Spaces from GDPR Perspective (AEPD)

Data Spaces, Risk Management

GDPR Data Incidents – The Step-by-Step Playbook for Effective Response

Data Breaches