Filtered (153)
Filters
Search
Type
Country
Categories
Show (153)
Cancel
Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Personal Data Breach Management and Reporting Toolkit Tracker – more information about the Toolkit by UK ICO

Data Breaches

Polish National Personal Data Protection Office (UODO)-National Prosecutor’s Office (9/2/2024)

Consent, Controllers and Processors, Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Spanish Data Protection Authority (aepd)-PILLOW HOTELS, S.L. (5/30/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Corint Logistic SRL. (5/30/2024)

Access Requests (DSAR), Data Subjects Rights, Lawfulness of Processing, Principles, Right to Object, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Association (4/30/2024)

Controllers and Processors, Data Breaches

Data Protection Authority of Hessen-Company (7/15/1905)

Data Subjects Rights, Right to Object

Italian Data Protection Authority (Garante)-Azienda sanitaria locale Roma 3 (3/21/2024)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Toyota Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-URQUÍA & BAS, CORREDURÍA DE SEGUROS S.L. (6/22/2022)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-District Court Krakow (12/19/2023)

Data Breaches

Polish National Personal Data Protection Office (UODO)-Insurance company (10/18/2023)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S.A. (3/12/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Unknown (1/18/2024)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ENDESA ENERGÍA, S.A.U. (10/25/2023)

Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

French Data Protection Authority (CNIL)-Candidate for parliamentary elections (12/22/2023)

Data Subjects Rights, Right to Object

French Data Protection Authority (CNIL)-Company (12/22/2023)

Principles, Purpose limitation

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/7/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Link4 Towarzystwo Ubezpieczeń S. A. (10/8/2023)

Controllers and Processors, Data Breaches

National Commission for Data Protection (CNPD)-Unknown (9/21/2023)

Data Subjects Rights, Principles, Purpose limitation, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Company (7/12/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-NN Asigurări de Viață S.A. (9/18/2023)

Data Subjects Rights, Right to Object

Spanish Data Protection Authority (aepd)-CONCENTRA CENTRAL DE COMPRAS Y SERVICIOS S.L. (6/7/2023)

Data Subjects Rights, Right to Object

Italian Data Protection Authority (Garante)-Grizzaffi Management Srl (5/17/2023)

Data Subjects Rights, Lawfulness of Processing, Right to Object

Italian Data Protection Authority (Garante)-Bolzano municipality (3/23/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles, Technical and Organisational Measures (TOMs)

Hellenic Data Protection Authority (HDPA)-Piraeus Bank (2/2/2023)

Data Breaches, Lawfulness of Processing, Principles, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Housing cooperative (3/1/2023)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-ECOMM MOVADGENCY S.L. (2/28/2023)

Data Subjects Rights, Right to Object

Data Protection Authority of Bremen-Company (7/14/1905)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Tensa Art Design SRL (4/4/2023)

Data Subjects Rights, Right to Object

Norwegian Supervisory Authority (Datatilsynet)-Argon Medical Devices (3/8/2023)

Controllers and Processors, Data Breaches

Italian Data Protection Authority (Garante)-Douglas Italia S.p.a. (10/20/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Data Protection Authority of Sachsen-Anhalt-Magdeburg University Hospital (7/15/1905)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Tensa Art Design SA (2/1/2023)

Data Subjects Rights, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Dent Estet Clinic SA (1/31/2023)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-XASTRE DO PETO, S.L. (11/11/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Right to Object

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-AMPLIFON Hungary Trade and Service Provider LLC (8/11/2022)

Controllers and Processors, Data Subjects Rights, Principles, Purpose limitation, Representative

Spanish Data Protection Authority (aepd)-BANCO BILBAO VIZCAYA ARGENTARIA, S.A. (10/31/2022)

Controllers and Processors, Principles, Purpose limitation, Representative, Technical and Organisational Measures (TOMs)

Spanish Data Protection Authority (aepd)-BAYARD REVISTAS, S.A. (9/28/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Company (8/8/2022)

Accountability, Consent, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

French Data Protection Authority (CNIL)-ACCOR SA (8/19/2022)

Access Requests (DSAR), Data Subjects Rights, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Sephora Cosmetics România SA (8/4/2022)

Data Subjects Rights, Right to Object

Polish National Personal Data Protection Office (UODO)-University Hospital of the Medical University of Warsaw (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

Spanish Data Protection Authority (aepd)-DKV Seguros y Reaseguros, S.A.E. (7/13/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Bar owner (7/19/2022)

Principles, Purpose limitation

Polish National Personal Data Protection Office (UODO)-Głównego Geodetę Kraju (7/6/2022)

Controllers and Processors, Data Breaches, Data Subjects Rights

French Data Protection Authority (CNIL)-TotalEnergies Electricité et Gaz France (6/23/2022)

Data Subjects Rights, Right to Object

Polish National Personal Data Protection Office (UODO)-Esselmann Technika Pojazdowa Sp. z o.o. Sp. k. (6/6/2022)

Controllers and Processors, Data Breaches

Data Protection Authority of Hessen-Restaurant (7/13/1905)

Principles, Purpose limitation

Norwegian Supervisory Authority (Datatilsynet)-Company (3/15/2022)

Consent, Data Subjects Rights, Lawfulness of Processing, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Kredyt Inkaso Investments RO S.A (5/18/2022)

Controllers and Processors, Data Breaches, Principles, Representative, Sensitive Data

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Workshop (3/29/2022)

Legitimate Interest, Principles, Purpose limitation, Sensitive Data

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-MAYR MELNHOF PACKAGING ROMANIA S.R.L. (5/17/2022)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Santander Bank Polska S. A. (1/19/2022)

Controllers and Processors, Data Breaches

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-IAMSAT Muntenia SA (2/22/2022)

Data Subjects Rights, Right to Object

Italian Data Protection Authority (Garante)-T.S.M. s.r.l. (1/27/2022)

Data Subjects Rights, Right to Object

Italian Data Protection Authority (Garante)-Aimon Srl (11/25/2021)

Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Representative, Right to Object

Data Protection Authority of Ireland-Irish Teacher Council (12/2/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hellenic Data Protection Authority (HDPA)-Greek Ministry of Tourism (12/29/2021)

Controllers and Processors, Data Breaches, Data Protection Officer (DPO), Data Subjects Rights

French Data Protection Authority (CNIL)-FREE MOBILE (12/28/2021)

Data Subjects Rights, Principles, Privacy by Design, Right to Object

Deputy Data Protection Ombudsman-Psykoterapiakeskus Vastaamo (12/7/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Polish National Personal Data Protection Office (UODO)-Bank Millennium S.A (10/14/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hellenic Data Protection Authority (HDPA)-ΚΑΠΑ ΛΑΜΔΑ ΩΜΕΓΑ ΔΙΑΦΗΜΙΣΤΙΚΗ ΕΜΠΟΡΙΚΗ ΜΟΝΟΠΡΟΣΩΠΗ ΕΤΑΙΡΕΙΑ ΠΕΡΙΟΡΙΣΜΕΝΗΣ ΕΥΘΥΝΗΣ (10/14/2021)

Data Subjects Rights, Lawfulness of Processing, Right to Object

Bulgarian Commission for Personal Data Protection (KZLD)-Bank (10/26/2021)

Principles, Purpose limitation

Hellenic Data Protection Authority (HDPA)-PREMIUMMEDIA ΠΑΡΑΓΩΓΗ ΟΠΤΙΚΟ-ΑΚΟΥΣΤΙΚΩΝ ΕΡΓΩΝ ΙΔΙΩΤΙΚΗ ΚΕΦΑΛΑΙΟΥΧΙΚΗ ΕΤΑΙΡΙΑ (10/4/2021)

Data Subjects Rights, Right to Object

National Commission for Data Protection (CNPD)-Insurance company (8/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Integrity and confidentiality, Principles

Spanish Data Protection Authority (aepd)-Vodafone España, S.A.U. (10/19/2021)

Data Subjects Rights, Right to Object

Spanish Data Protection Authority (aepd)-Bar owner (9/28/2021)

Principles, Purpose limitation

Data Protection Authority of Ireland-Vodafone Ireland Limited (9/7/2021)

Data Subjects Rights, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Actamedica SRL (8/24/2021)

Controllers and Processors, Data Breaches, Data Processing Agreement (DPA), Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Fundację Promocji Mediacji i Edukacji Prawnej Lex Nostra (6/30/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Sopockie Towarzystwo Ubezpieczeń ERGO Hestia S.A. (6/21/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish Data Protection Authority (UODO)-Cyfrowy Polsat S.A. (4/22/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights, Technical and Organisational Measures (TOMs)

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest) (3/24/2021)

Controllers and Processors, Data Breaches, Sensitive Data, Technical and Organisational Measures (TOMs)

Dutch Supervisory Authority for Data Protection (AP)-PVV Overijssel (6/16/2020)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-Promotech Digital S.L. (4/6/2021)

Data Subjects Rights, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-S.C. Tip Top Food Industry S.R.L (4/15/2021)

Accountability, Lawfulness of Processing, Principles, Purpose limitation, Sensitive Data

Dutch Supervisory Authority for Data Protection (AP)-Booking.com B.V. (12/10/2020)

Controllers and Processors, Data Breaches

Polish National Personal Data Protection Office (UODO)-Enea S.A. (1/11/2021)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-Certime S.A. (3/15/2021)

Principles, Purpose limitation

Spanish Data Protection Authority (aepd)-I-DE Redes Eléctricas Inteligentes, S.A.U (3/2/2021)

Performance of Contract, Principles, Purpose limitation, Sensitive Data

Polish National Personal Data Protection Office (UODO)-Unknown (1/5/2021)

Controllers and Processors, Data Breaches

Data Protection Authority of Ireland-University College Dublin (12/17/2020)

Controllers and Processors, Data Breaches, Principles, Sensitive Data, Storage limitation, Technical and Organisational Measures (TOMs)

Polish National Personal Data Protection Office (UODO)-Śląski Uniwersytet Medyczny (Medical University of Silesia) (1/5/2021)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-Towarzystwo Ubezpieczeń i Reasekuracji WARTA S.A. (12/28/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Polish National Personal Data Protection Office (UODO)-TUiR Warta S.A. (12/9/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

French Data Protection Authority (CNIL)-Perfomeclic (12/7/2020)

Data minimisation, Data Subjects Rights, Principles, Right to Object, Sensitive Data

Data Protection Authority of Ireland-Twitter International Company (12/15/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.) (12/16/2020)

Controllers and Processors, Data Breaches, Lawfulness of Processing, Performance of Contract, Principles, Privacy by Design

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (12/16/2020)

Principles, Purpose limitation, Sensitive Data

Spanish Data Protection Authority (aepd)-Tour & People Max S.L. (7/31/2020)

Data Subjects Rights, Right to Object

Spanish Data Protection Authority (aepd)-Party of the Socialists of Catalonia (8/17/2020)

Principles, Purpose limitation

Spanish Data Protection Authority (aepd)-Bankia S.A. (8/28/2020)

Principles, Purpose limitation

Spanish Data Protection Authority (aepd)-Saunier-Tec Mantenimientos de Calor y Frio, SL. (7/2/2020)

Controllers and Processors, Data Breaches

Spanish Data Protection Authority (aepd)-De Vere Spain S.L. (7/2/2020)

Data Subjects Rights, Right to Object

Danish Data Protection Authority (Datatilsynet)-Lejre Municipality (6/30/2020)

Controllers and Processors, Data Breaches, Principles, Representative

Data Protection Authority of Ireland-Tusla Child and Family Agency (6/30/2020)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Digi Távközlési Szolgáltató Kft. (‘Digi’) (electronic communication service provider) (6/12/2020)

Controllers and Processors, Principles, Purpose limitation, Technical and Organisational Measures (TOMs)

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)-National Government Service Centre (NGSC) (4/29/2020)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Directorate of Social and Child Welfare Institutions of the Ferencvaros District of Budapest (5/21/2019)

Controllers and Processors, Data Breaches

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Financial Enterprise (6/26/2019)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

Data Protection Authority of Hamburg-Hamburger Verkehrsverbund GmbH (HVV GmbH) (7/11/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Data Protection Authority of Hamburg-Hamburger Volksbank eG (7/11/1905)

Data Subjects Rights, Right to Object

Italian Data Protection Authority (Garante)-Eni Gas e Luce (12/11/2019)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

Italian Data Protection Authority (Garante)-TIM (telecommunications operator) (1/15/2020)

Access Requests (DSAR), Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

Spanish Data Protection Authority (aepd)-Iberia Lineas Aereas de Espana, S.A. Operadora Unipersonal (2/3/2020)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

Spanish Data Protection Authority (aepd)-Banco Bilbao Vizcaya Argentaria S.L. (2/3/2020)

Controllers and Processors, Data Subjects Rights, Principles, Representative, Right to Object

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-Hora Credit IFN SA (12/10/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles, Technical and Organisational Measures (TOMs)

Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)-SC Enel Energie S.A. (Electricity Distributor) (12/16/2019)

Consent, Controllers and Processors, Data Subjects Rights, Lawfulness of Processing, Principles, Representative, Right to Object

Hellenic Data Protection Authority (HDPA)-Wind Hellas Telecommunications (10/18/2019)

Data Subjects Rights, Right to Object

Hellenic Data Protection Authority (HDPA)-Telecommunication Service Provider (10/7/2019)

Data Subjects Rights, Right to Object

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unknown (6/25/2019)

Controllers and Processors, Data Breaches

Data Protection Authority of Berlin-Delivery Hero (9/19/2019)

Access Requests (DSAR), Data Subjects Rights, Right to Object

Data Protection Authority of Hamburg-Unknown (7/10/1905)

Controllers and Processors, Data Breaches, Data Subjects Rights

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Hungarian political party (4/5/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights

Lithuanian Data Protection Authority (VDAI)-Payment service provider UAB MisterTango (5/16/2019)

Controllers and Processors, Data Breaches, Data Subjects Rights, Principles

Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)-Unnamed financial institution (3/4/2019)

Controllers and Processors, Data Subjects Rights, Principles, Purpose limitation, Representative, Right to Erasure

Belgian Data Protection Authority (APD)-Mayor (5/28/2019)

Controllers and Processors, Principles, Purpose limitation, Representative

Bulgarian Commission for Personal Data Protection (KZLD)-Bank (12/4/2018)

Controllers and Processors, Principles, Purpose limitation, Representative

Case C‑21/23 CJEU (full text in german)

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Press Release No 159/24 on Judgment of the Court in Case C-21/23 CJEU

Controllers and Processors, Data Breaches, Health Data, Lawfulness of Processing, Principles, Sensitive Data

Решение Рег.№ ППН-02-399-2019 КЗЛД – НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Наказателно постановление-04-2019-КЗЛД-НАП

Controllers and Processors, Data Breaches, Lawfulness of Processing

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

Opinion 37/2023 on the draft decision of the competent supervisory authority of Luxemburg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Certification, Controllers and Processors

Opinion 38/2023 on the draft decision of the competent supervisory authority of Slovenian regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR). |EPDB

Certification, Controllers and Processors

CASE STUDIES (2018 – 2023) by the Irish DPC

Access Requests (DSAR), Controllers and Processors, Data Breaches, Data Subjects Rights, Liability and Remedies, Supervisory Authorities

One-stop-shop case digest on Security of Processing and Data Breach Notification by the EDPB

Controllers and Processors, Data Breaches, Technical and Organisational Measures (TOMs)

Case T-1077/23

AI, Copyright, Specific processing situations

[Press release] Commission opens formal proceedings against X under the Digital Services Act

Digital Services Act

The NYT vs OpenAI and Microsoft

AI, Copyright, Specific processing situations

[DRAFT] Data Confidentiality – Identifying and Protecting Assets Against Data Breaches by NIST

Controllers and Processors, Data Breaches

Data breach preparation and response by the Australian Information Commisioners

Controllers and Processors, Data Breaches

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

One-Stop-Shop thematic case digest: RIGHT TO OBJECTAND RIGHT TO ERASURE

Data Subjects Rights, Right to Erasure, Right to Object

C-77/21

Principles, Purpose limitation

Noyb Complaint Case: C-082-01 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

Decision by Dutch Data Protection Authority to impose an administrative fine on Uber |English

Controllers and Processors, Data Breaches, Data Subjects Rights

Noyb Complaint Case: C-082-02 to EU Data protection Supervisor against EU Parliament

Controllers and Processors, Data Breaches, Public Administrative Body

NIST Special Publication_1800-29 Data Confidentiality- Detect, Respond to, and Recover from Data Breaches

Controllers and Processors, Data Breaches

Global Third Party Cybersecurity Breaches by SecurityScorecard

Controllers and Processors, Data Breaches

Personal data breach report form

Controllers and Processors, Data Breaches

Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria |EPDB

Certification, Controllers and Processors

Opinion 25/2022 regarding the European Privacy Seal (EuroPriSe ) certification criteria for the certification of processing operations by processors |EPDB

Certification, Controllers and Processors

Opinion 15/2023 on the draft decision of the Dutch Supervisory Authority regarding the Brand Compliance certification criteria |EPDB

Certification, Controllers and Processors

Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) |EPDB

Certification, Controllers and Processors

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Guidelines 01/2021 on Examples regarding Personal Data Breach Notification

Data Breaches

Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679

Data Subjects Rights, Right to Object

Guidelines 9/2022 on personal data breach notification under GDPR [Official EDPB Guidelines] [pdf]

Data Breaches

Building a Cybersecurity and Privacy Learning Program | NIST | Initial Public Draft

Data Breaches, Employment, Risk Management, Technical and Organisational Measures (TOMs)

A Guide to UK GDPR Principles | UK ICO

Accountability, Accuracy, Data minimisation, Integrity and confidentiality, Lawfulness of Processing, Principles, Purpose limitation, Storage limitation, Transparency

GDPR Data Incidents – The Step-by-Step Playbook for Effective Response

Data Breaches