Recommendations for technical implementation of Art.4
In 2011 ENISA has set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of the Article 4 of the ePrivacy Directive, including a practical and usable definition of a data breach, and in particular its relation to the definition of an “information security incident”, criteria for determining a data breach, identification and assessment of security controls that affect determination of a breach, identification and assessment of risks of data breaches and procedures of notifications about data breaches in both private and public sector, including online processing of data breaches, definition of „undue delay‟ etc.
- Published
- Authors
- Darren Bilby, Google, Manuel García Sánchez, Spanish Data Protection Authority, ES, Gwendal LeGrand, Commission Nationale de l'Informatique et des Libertés (CNIL), FR, Jean Gonie, Microsoft, Miroslaw Maj, Cybersecurity Foundation, Konstantinos Moulinos, Greek Data Protection Authority, GR, Sjoera Nas, Dutch Data Protection Authority, NL, Melanie Shillito, Promontory Financial Group, UK, Tomasz Soczynski , Polish Data Protection Authority, PL, David Sutton, TACIT.TEL, UK, Barbara Daskala, ENISA, Slawomir Gorniak, ENISA
- Language