Recommendations for technical implementation of Art.4

In 2011 ENISA has set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of the Article 4 of the ePrivacy Directive, including a practical and usable definition of a data breach, and in particular its relation to the definition of an “information security incident”, criteria for determining a data breach, identification and assessment of security controls that affect determination of a breach, identification and assessment of risks of data breaches and procedures of notifications about data breaches in both private and public sector, including online processing of data breaches, definition of „undue delay‟ etc.

Published
Authors
Darren Bilby, Google, Manuel García Sánchez, Spanish Data Protection Authority, ES, Gwendal LeGrand, Commission Nationale de l'Informatique et des Libertés (CNIL), FR, Jean Gonie, Microsoft, Miroslaw Maj, Cybersecurity Foundation, Konstantinos Moulinos, Greek Data Protection Authority, GR, Sjoera Nas, Dutch Data Protection Authority, NL, Melanie Shillito, Promontory Financial Group, UK, Tomasz Soczynski , Polish Data Protection Authority, PL, David Sutton, TACIT.TEL, UK, Barbara Daskala, ENISA, Slawomir Gorniak, ENISA
Language
English

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies