EU guidance on GDPR data breach and profiling

27 October 2017

The Article 29 Working Party – the group of EU data protection authorities charged with agreeing European-wide guidance on General Data Protection Regulation (GDPR) – has published guidelines on profiling and breach reporting.

The breach reporting element is certainly relevant to payroll and pension departments and employers in general. The GDPR introduces the requirement for a personal data breach to be notified to the competent national supervisory authority and, in certain cases, communicate the breach to the individuals whose personal data have been affected by the breach.

Full details and links to guidelines can be found in the Information Commissioner’s Office (ICO) blog.

Guidelines on administrative fines that were adopted earlier this month will also be published shortly.

Consistency across the EU is one of the fundamental drivers of the GDPR and, as the UK member of Article 29 (WP29), they are either leading or assisting in the development of guidance on some of the main aspects of the law.