Personal Data Breaches. A Feasibility Study on a Cyber Exercise

The Directive 2009/136/EC (amending Directive 2002/58/EC) introduces a new obligation for the providers of electronic communication services to notify data breaches to the competent authorities and the individuals affected by the data breach. In particular, in the context of the European Single Market a data breach easily discloses a cross-border dimension which should be addressed specifically within the scope of the above mentioned Directive. Immediate notifications involving various actors and across various fields of competences and scope will obviously require well-planned and coordinated processes of communication. Hence these processes should be continuously tested and further improved. Nevertheless little experience does exist which is the driving force to plan for structured exercises concerning the applicability of the Directive. It is therefore of utmost interest to start undertaking a personal data breach exercise similar to other cyber exercises. This document contains a feasibility study with which such a personal data breach exercise could be started. The feasibility study proposed an executable first plan, its key elements, a provisional timeline and, most importantly, a summary of human and financial resources needed.

GENEIATAKIS Dimitrios;  SCHEER Stefan; 

2014-08-20

Publications Office of the European Union

JRC78087

978-92-79-28188-4 (print),    978-92-79-28187-7,   

1018-5593 (print),    1831-9424 (online),   

EUR 25251 EN,    OP LB-NA-25251-EN-C (print),    OP LB-NA-25251-EN-N (online),   

https://publications.jrc.ec.europa.eu/repository/handle/JRC78087,   

10.2788/79792 (print),    10.2788/79635 (online),   

https://publications.jrc.ec.europa.eu/repository/bitstream/JRC78087/lbna25251enn.pdf