Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
| Jurisdiction | European Union |
| Date | 03 January 2022 |
| Year | 2022 |
| Type of Document | Guidance |
Adopted - after public consultation
Guidelines 01/2021 on Examples regarding Personal Data Breach Notification
Adopted on 14 December 2021
Version 2.0
Version history
| Version 2.0 | 14 12 2021 | Adoption of the Guidelines after public consultation |
| Version 1.0 | 14 01 2021 | Adoption of the Guidelines for public consultation |
Table of contents
1 INTRODUCTION
2 RANSOMWARE
2.1 CASE No. 01: Ransomware with proper backup and without exfiltration
2.1.1 CASE No. 01 - Prior measures and risk assessment
2.1.2 CASE No. 01 – Mitigation and obligations
2.2 CASE No. 02: Ransomware without proper backup
2.2.1 CASE No. 02 - Prior measures and risk assessment
2.2.2 CASE No. 02 – Mitigation and obligations
2.3 CASE No. 03: Ransomware with backup and without exfiltration in a hospital
2.3.1 CASE No. 03 - Prior measures and risk assessment
2.3.2 CASE No. 03 – Mitigation and obligations
2.4 CASE No. 04: Ransomware without backup and with exfiltration
2.4.1 CASE No. 04 - Prior measures and risk assessment
2.4.2 CASE No. 04 – Mitigation and obligations
2.5 Organizational and technical measures for preventing / mitigating the impacts of ransomware attacks
3 Data Exfiltration ATTACKS
3.1 CASE No. 05: Exfiltration of job application data from a website
3.1.1 CASE No. 05 - Prior measures and risk assessment
3.1.2 CASE No. 05 – Mitigation and obligations
3.2 CASE No. 06: Exfiltration of hashed password from a website
3.2.1 CASE No. 06 - Prior measures and risk assessment
3.2.2 CASE No. 06 – Mitigation and obligations
3.3 CASE No. 07: Credential stuffing attack on a banking website
3.3.1 CASE No. 07 - Prior measures and risk assessment
3.3.2 CASE No. 07 – Mitigation and obligations
3.4 Organizational and technical measures for preventing / mitigating the impacts of hacker attacks
4 INTERNAL HUMAN RISK SOURCE
4.1 CASE No. 08: Exfiltration of business data by an employee
4.1.1 CASE No. 08 - Prior measures and risk assessment
4.1.2 CASE No. 08 – Mitigation and obligations
4.2 CASE No. 09: Accidental transmission of data to a trusted third party
4.2.1 CASE No. 09 – Prior measures and risk assessment
4.2.2 CASE No. 09 – Mitigation and obligations