Filtered (154)
Filters
Search
Type
Country
Categories
Show (154)
Cancel
Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Personal Data Breach Management and Reporting Toolkit Tracker – more information about the Toolkit by UK ICO

Data Breaches

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Committee (4/24/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-PILLOW HOTELS, S.L. (5/30/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Enel Energia SpA (2/8/2024)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Immigration and Asylum (4/2/2024)

Controllers and Processors, Data Protection Impact Assessment (DPIA), Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Unknown (1/18/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ENDESA ENERGÍA, S.A.U. (10/25/2023)

Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Open Bank, S.A. (7/28/2023)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Disciplinary officer (4/20/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Azienda socio sanitaria territoriale nord Milano, C.F. (12/7/2023)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Polish Minister of Health (12/20/2023)

Data Subjects Rights, Principles, Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Link4 Towarzystwo Ubezpieczeń S. A. (10/8/2023)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Norwegian Labor and Welfare Administration (11/27/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Company (7/18/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A. (10/20/2023)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Uipath SRL (8/21/2023)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Company (5/31/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (6/12/2023)

Lawfulness of Processing, Principles, Privacy by Design, Representative

Polish National Personal Data Protection Office (UODO)-Municipality (5/16/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Municipality (5/5/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Sorgenia S.p.a. (4/14/2023)

Accountability, Principles, Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-AUTOMOBILE BAVARIA SRL (5/18/2023)

Controllers and Processors, Principles, Privacy by Design, Sensitive Data, Technical and Organisational Measures (TOMs)

Croatian Data Protection Authority (azop)-Sports betting operator (5/18/2023)

Consent, Lawfulness of Processing, Principles, Privacy by Design

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Company (2/8/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Brandenburg-Operator of a swimming pool (7/14/1905)

Lawfulness of Processing, Legal Obligation

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Hamburg-Covid-19 test center (7/14/1905)

Lawfulness of Processing, Legal Obligation

Data Protection Authority of Bremen-Company (7/14/1905)

Controllers and Processors, Data Breaches

Norwegian Supervisory Authority (Datatilsynet)-Argon Medical Devices (3/8/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Szczecin-Centrum District Court (1/19/2023)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sachsen-Anhalt-Magdeburg University Hospital (7/15/1905)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dent Estet Clinic SA (1/31/2023)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-Meta Platforms Ireland Limited (11/25/2022)

Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-OTP LEASING ROMANIA IFN SA (11/25/2022)

Data Subjects Rights, Principles, Privacy by Design

Italian Data Protection Authority (Garante)-Azienda Usl Valle d’Aosta (11/10/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Casa Rusu S.R.L. (12/9/2022)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Mayor (11/2/2022)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Raiffeisen Bank SA (11/16/2022)

Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-BAYARD REVISTAS, S.A. (9/28/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Banca Comercială Română SA (9/19/2022)

Data Subjects Rights, Principles, Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Bitfactor SRL (9/22/2022)

Data Subjects Rights, Principles, Privacy by Design

Data Protection Authority of Niedersachsen-Company (7/13/1905)

Data Subjects Rights, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-University Hospital of the Medical University of Warsaw (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Croatian Data Protection Authority (azop)-Telecommunications company (7/21/2022)

Data Subjects Rights, Principles, Privacy by Design

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Centrale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Italian Data Protection Authority (Garante)-Azienda sanitaria universitaria Friuli Occidentale (5/26/2022)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. (6/6/2022)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Belgian Data Protection Authority (APD)-Brussels Airport Charleroi (4/4/2022)

Lawfulness of Processing, Legal Obligation, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Fortum Marketing and Sales Polska S.A. (1/19/2022)

Controllers and Processors, Data Processing Agreement (DPA), Data Subjects Rights, Integrity and confidentiality, Principles, Privacy by Design

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S. A. (1/19/2022)

Controllers and Processors, Data Breaches

Deputy Data Protection Ombudsman-Travel agency (12/16/2021)

Controllers and Processors, Data Subjects Rights, Integrity and confidentiality, Principles, Privacy by Design, Technical and Organisational Measures (TOMs)

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Warsaw University of Technology (12/9/2021)

Controllers and Processors, Integrity and confidentiality, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

French Data Protection Authority (CNIL)-FREE MOBILE (12/28/2021)

Data Subjects Rights, Principles, Privacy by Design, Right to Object

Deputy Data Protection Ombudsman-Psykoterapiakeskus Vastaamo (12/7/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Bank Millennium S.A (10/14/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

National Commission for Data Protection (CNPD)-Insurance company (8/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Italian Data Protection Authority (Garante)-La Prima S.r.l. (9/16/2021)

Controllers and Processors, Principles, Privacy by Design, Representative, Technical and Organisational Measures (TOMs)

Italian Data Protection Authority (Garante)-Roma Capitale (7/22/2021)

Data Subjects Rights, Principles, Privacy by Design

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Actamedica SRL (8/24/2021)

Controllers and Processors, Data Breaches, Data Processing Agreement (DPA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hellenic Data Protection Authority (HDPA)-KARIERA A.E. (5/12/2021)

Access Requests (DSAR), Data Subjects Rights, Principles, Privacy by Design

Italian Data Protection Authority (Garante)-Fondazione Policlinico Tor Vergata di Roma (4/21/2021)

Data Subjects Rights, Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Municipal Organization for Pre-School Education and Social Solidarity (DOPAKA) of the municipality of Tavros Moschato (5/17/2021)

Legal Obligation

Data Protection Authority of Ireland-Irish Credit Bureau DAC (3/23/2021)

Accountability, Data Subjects Rights, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-PVV Overijssel (6/16/2020)

Controllers and Processors, Data Breaches

Dutch Supervisory Authority for Data Protection (AP)-Booking.com B.V. (12/10/2020)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Enea S.A. (1/11/2021)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Istituto Nazionale Previdenza Sociale (INPS) (2/25/2021)

Lawfulness of Processing, Principles, Privacy by Design, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Unknown (1/5/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Deichmann Cipőkereskedelmi Korlátolt Felelősségű Társaságnak (10/23/2020)

Data Subjects Rights, Principles, Privacy by Design

Spanish Data Protection Authority (aepd)-Saunier-Tec Mantenimientos de Calor y Frio, SL. (7/2/2020)

Controllers and Processors, Data Breaches

Danish Data Protection Authority (Datatilsynet)-Lejre Municipality (6/30/2020)

Controllers and Processors, Data Breaches, Principles, Representative

Data Protection Authority of Ireland-Tusla Child and Family Agency (6/30/2020)

Controllers and Processors, Data Breaches

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Commision of Bulgaria (KZLD)-T.K. EOOD (2/20/2020)

Data Subjects Rights, Principles, Privacy by Design

Data Protection Commision of Bulgaria (KZLD)-L.E. EOOD (2/20/2020)

Data Subjects Rights, Lawfulness of Processing, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/25/2019)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-UNICREDIT BANK SA (6/27/2019)

Controllers and Processors, Principles, Privacy by Design, Representative

Data Protection Authority of Hamburg-Unknown (7/10/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hungarian political party (4/5/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Payment service provider UAB MisterTango (5/16/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

Recommendations 01/2021 on the adequacy referential under the Law Enforcement Directive |EPDB

Adequacy Decisions, Data Transfers

THE NEW STANDARD CONTRACTUAL CLAUSES – QUESTIONS AND ANSWERS

Data Transfers, Standard Contractual Clauses (SCC)

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Report on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC

Adequacy Decisions, Data Transfers

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

Exceeding customer expectations by Google

Principles, Privacy by Design

Data breach preparation and response by the Australian Information Commisioners

Controllers and Processors, Data Breaches

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

Global Third Party Cybersecurity Breaches by SecurityScorecard

Controllers and Processors, Data Breaches

Information note by EDPB on data transfers under the GDPR to the United States after the adoption of the adequacy decision on 10 July 2023

Adequacy Decisions, Data Transfers

Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom |EPDB

Adequacy Decisions, Data Transfers

Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom |EDPB

Adequacy Decisions, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EDPB

Adequacy Decisions, Data Transfers

Information Note by EDPB on the redress mechanism for EU/EEA individuals in relation to alleged violations of U.S. law with respect to their data collected by U.S authorities competent for national security

Adequacy Decisions, Data Transfers

EU-US Data Privacy Framework Template Complaint Form for Submitting Commercial Related Complaints to EU DPAs by EDPB

Adequacy Decisions, Data Transfers

Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) |EDPB

Controllers and Processors, Data Transfers, Standard Contractual Clauses (SCC)

Personal data breach report form

Controllers and Processors, Data Breaches

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EPDB

Adequacy Decisions, Data Transfers

Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework |EPDB

Adequacy Decisions, Data Transfers

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions, Data Transfers

Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Data Breaches

Guidelines 4/2019 on Article 25 Data Protection by Design and by Default

Privacy by Design

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces: how to recognise and avoid them

Privacy by Design

Rules of Procedure by EDPB on the cooperation and respective roles of national SAs and the EDPB Secretariat regarding the submission of complaints in the redress mechanism available to EU individuals in relation to alleged violations of U.S law with respect to their data collected by U.S. authorities competent for national security

Adequacy Decisions, Data Transfers, Risk Management

Rules of Procedure for the “Informal Panel of EU DPAs”according to the EU-US Data Privacy Framework by EDPB

Adequacy Decisions, Data Transfers

Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer (CLPO) by EDPB

Adequacy Decisions, Data Transfers

Privacy, seriously by the UK ICO

AI, Privacy by Design, Product Privacy Design

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

A Guide to Lawful Basis | UK ICO

Consent, Lawfulness of Processing, Legal Obligation, Legitimate Interest, Performance of Contract, Public Interests, Vital Interests

GDPR Data Incidents – The Step-by-Step Playbook for Effective Response

Data Breaches