Legal Briefing

Security breaches: updated criteria for security breach management and notification

07/06/2021

The purpose of this Legal Briefing is to analyse the AEPD’s criteria for assessing the appropriateness of penalties in light of its latest decisions.

On 25 May 2021, the Spanish Data Protection Agency (AEPD) published a new guide on Personal Data Breach Notification, which updates the 2018 version in line with the experience gained in the period following the entry into force of Regulation (EU) 2016/679 of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The purpose of this Legal Briefing is to analyse the AEPD’s criteria for assessing the appropriateness of penalties in light of its latest decisions, as well as to provide information on the content of the new guide, the main objective of which is to enable controllers and processors to comply effectively and efficiently with the system for notifying the supervisory authority of a personal data security breach and the obligation to notify data subjects when the incident may have affected their fundamental rights and freedoms.

The entire content of the Legal Briefing can be found in the PDF.