Below is an outline of the educational document "A Practical Guide to Personal Data Breach Notifications under the GDPR" by the DPC.
2. Overview of Breach Notification Regime
3. What is a personal data breach?
4. When does a controller have to notify the DPC of a breach under the GDPR?
5. What should a notification to the DPC contain?
6. When does a controller have to communicate a personal data breach to data subjects?
7. What should a communication to a data subject contain?
8. Can controllers notify data subjects of a breach even if the risk is not assessed as high?
9. Assessing Risk
10. Case Studies – Under-Estimation of Risk
11. Case Study – Over-Estimation of Risk
12. Late Notifications or No Notification
13. Case Study – No Communication
14. Inadequate Reporting
15. Case Study – Inadequate Reporting
16. Technical Knowledge
17. Case Study – Inadequate Technical Knowledge
18. Repeat Breach Notifications
19. Case Study – Repeat Breach Notifications
20. Social Engineering
21. Case Study – Social Engineering
22. Data Accuracy
23. Case Study – Data Accuracy
24. Conclusions and Recommendations
25. Obligations to Notify and Communicate – Articles 33 and 34
26. Assessing Risk
27. Information to Be Provided
28. Personal Data Breach Policy and Procedure
This article was contributed by Racquel Bailey from Jamaica. Jason is a member of the Caribbean CSPA.