The General Data Protection Regulation (GDPR) will apply from 25 May 2018. It will oblige companies processing personal data to comply with new and more stringent data protection rules. One obligation will be for companies to notify (personal) data breaches to the competent supervisory authority.
Companies will have to submit the relevant information without undue delay and, where feasible, no later than 72 hours after having become aware of the breach. Such information includes the nature of the breach, categories and approximate number of data subjects and of personal data records concerned, likely consequences and measures taken to address and mitigate the breach.
Insurance Europe has developed a template as a possible way to meet this obligation. The suggested template could be of particular interest to SMEs and supervisory authorities. The former could rely on it instead of undertaking a descriptive exercise in the midst of a data breach, for which they may not have the resources.
…