The Irish Data Protection Commission has issued guidance on data breach notification under GDPR. Attorneys at Fox Rothschild have prepared a summary that begins:
Key takeaways:
A personal data breach is a security incident that negatively impacts the confidentiality, integrity, or availability of personal data, with the consequence that the controller is unable to ensure compliance with the principles for processing personal data as outlined in Article 5 of the General Data Protection Regulation. You must conduct a risk assessment to determine whether a breach is reportable. Factors to consider regarding the risk:
Read more on Privacy Compliance & Data Security.