Art. 27 GDPR – Personal Data Breach Notification – EDPB Guideline 09/2022

  • Author: Wolfgang von Sandersleben, DP-Dock GmbH
  • Last updated: May 2023
  • Category: Data Security

Our Art. 27 GDPR Rep clients may already be aware of the so-called “one-stop shop” concept. This concept would be practical in the context of notifying the authorities about a potential data breach (Art. 33 GDPR), since an organization would only need to notify the authorities of the country where the data controller or the data processor has its representative. Lately, however, there have been talks on abolishing the one-stop shop. According to Footnote 37 of the Guidelines 9/2022 on personal data breach notification under GDPR, which were published on March 28, 2023, this would mean that a potential breach needs to be notified to the supervisory authority of every Member State in which affected data subjects reside. The difficulties that come from this decision are not to be taken lightly: keeping within the 72-hour notification period is to be considered the main issue. It remains to be seen how this decision is going to be implemented in practice, as well as how the EU data protection authorities will work with one another to facilitate the handling of the notification procedure. DP-Dock offers its services in multiple EU languages, thus facilitating the by now rather complex notification process, and provides assistance with the cross-notification obligation of the Controller.
