– DRAFT –
DPVCG Meeting Call

Data Breach vocabulary

We are looking at collecting official guidelines

EDPB - https://edpb.europa.eu/system/files/2022-10/edpb_guidelines_202209_personal_data_breach_notification_targetedupdate_en.pdf

IE DPC has a form - https://www.dataprotection.ie/en/organisations/know-your-obligations/breach-notification

UK ICO has a form - https://ico.org.uk/for-organisations/report-a-breach/

Finish DPA https://tietosuoja.fi/en/data-breach-notification

harsh: Do we consider time/event existing standards -> yes

What events and information do we focus on? E.g. event logs, notifications

Jan - we only focus on communications to DPA?

harsh: We have to go for the maximum information that may be required by DPAs so that we support all use-cases. We can then reduce the information required for specific use-cases but the vocabulary will support the entire range.

Swedish DPA - https://e-tjanster.imy.se/en/reportsupp

BFDI German DPA https://formulare.bfdi.bund.de/lip/form/display.do?%24context=B498B0775563EE80A300

georg: Organising a conference https://www.alpineprivacydays.net/2023/ Alpine Privacy Days 2023 8-10 March featuring several prominent people, DPAs, and EU experts. Contact for attending.

We will continue to collect documents and analyse them for requirements related to Data Breaches.