
A company that suffers a data breach in Europe may soon have less paperwork to deal with. The European Data Protection Board (EDPB) has developed a common data breach notification template that all organizations in the EU will soon be able to use in the event of a data breach.
- The EU wants to end the patchwork of different breach reporting forms across member states.
- Companies will face more detailed questions about what went wrong and who was affected.
- Organizations will have to disclose whether protections like MFA, encryption, and employee training were in place.
- The new template could make it easier for regulators to spot patterns, compare breaches, and hold companies accountable.
Recently, the EDPB met with Michael McGrath, EU Commissioner for Democracy, Justice, the Rule of Law, and Consumer Protection, to discuss common priorities in the European Union.
One of the key topics discussed was the Digital Omnibus, a set of proposals that aims to simplify and harmonize the existing rules on AI, cybersecurity, and data protection in the EU.
More specifically, members of the EDPB and McGrath deliberated on strengthening consistency across Europe regarding data breach notifications.
As it stands today, every privacy regulator and data protection authority (DPA) has a slightly different approach to data leaks. For starters, they all use a distinct form for citizens and businesses to report data breaches.
To harmonize the data breach notification process across all EU Member States, the EDPB has designed a template to help DPAs obtain all the information they need in a more consistent, structured, and uniform way.
The template requires companies and organizations to provide detailed information about what happened, when it happened, when the data breach was discovered, how it was discovered, who was affected, what data was involved, what safeguards were already in place, and what additional security measures were taken to prevent recurrence.
Data controllers are also required to report the likely cause of the breach, such as a ransomware attack, phishing, misconfigured cloud settings, lost devices, insider abuse, or human error.
In addition, security measures will come under greater scrutiny. Companies and organizations will have to explain the security controls in place at the time of the breach, such as multi-factor authentication (MFA), encryption, employee security training, audits, and backup procedures.
Lastly, the template wants to know exactly which types of personal data were affected and the potential harms victims could face, including identity theft, fraud, financial loss, and reputational damage.
The template is open for public consultation, and stakeholders have until August 5th to provide feedback. After that, a timeline will be drawn up for a rollout to European privacy and data protection supervisors.