Contact us

EDPB issues one-stop-shop case digest on security of processing and data breach notification

This case review looks at a selection of one-stop-shop decisions which relate to security of processing and data breach notification/communication.

This review is interesting in that it shows how the Data Protection Authorities (DPAs) have approached matters such as what technical and organisational measures are appropriate to ensure a level of security appropriate to risk.

Whilst some of the decisions turned on the facts of the particular case, there were also general takeaways. For example, several DPAs examined the establishment of proper access control mechanisms involving individual authentication of persons who are allowed to access specific sets of data. The lack of such clear access control mechanisms led various DPAs to find violations of Article 32 GDPR.

The report also revealed a cautious approach to notification of breaches, with organisations often deciding to notify “just in case”.

The full digest can be found here.

Share:

Facebook
X
Pinterest
LinkedIn

Related Posts

View all
News

How to run a successful data champions programme

The role of a DPO can be a solitary one, in this article for Privacy Laws and Business, Jenai Nissim...

Read more
News

ICO issues report on Agentic AI

The ICO’s latest tech futures report focuses on agentic AI. The ICO notes that agentic AI is evolving at pace...

Read more
News

EU Commission proposes new cyber security package

On 20 January 2026, the EU Commission proposed a new package of cyber security measures. The package includes a proposal...

Read more
News

EDPB and EDPS adopt joint opinion on the AI provisions in the Digital Omnibus

On 20 January 2026, the EDPB and EDPS issued a joint opinion on the AI provisions in the Digital Omnibus,...

Read more
News

EDPB releases recommendations for processor BCRs

On 19 January 2026, the EDPB released recommendations for processor BCRs which aim to: Provide a standard form for the...

Read more
News

The ICO updates guidance on international transfers

On 15 January 2026, the ICO released updated guidance on international transfers which aims to reduce complexity and support responsible...

Read more

Our experience...

Speaks for itself through collaboration with leading global brands such as…

  • Tech giants
  • Health tech start-ups
  • Forward-thinking financial institutions
  • Global dating app
  • One of the largest entertainment record labels globally
  • Shopping meccas
  • National broadcasters
  • Professional services firms and regulators
Contact us
0 +

Sector specialisms and in-depth experience

0 %

Client retention rate and long lasting relationships

0 s

Learners who complete our data protection training each year

Skyscanner logo

Don't just take our word for it

“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”

Gemma Witham
Director of Legal (Privacy), Group Privacy Officer, Sykscanner Limited

HR Dept logo

Don't just take our word for it

“We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them.”

Serena May
Director, Southern HR Ltd

AETNA logo

Don't just take our word for it

“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time.”

Craig Saunders
Head of International Privacy, Aetna Global Benefits (UK) Ltd

 

Frasers Hospitality logo

Don't just take our word for it

“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”

Frasers Hospitality (UK) Ltd

Chartered Accountants Worldwide logo

Don't just take our word for it

“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”

Ruth Hidalgo
Director, Chartered Accountants Worldwide

Cadogan logo

Don't just take our word for it

“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”

Sanjay Patel
Finance Director, Cadogan Group Limited

Compre logo

Don't just take our word for it

“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”

Federica Cozzani
Senior Legal Counsel, Compre Group

Outlogic logo

Don't just take our word for it

“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”

Joshua Anton
CEO, Outlogic

Vue logo

Don't just take our word for it

“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!”

Clare Russell
Interim Head of Legal, Vue UK and Ireland

Jigsaw logo

Don't just take our word for it

“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team.”

Josh Towb
Head of Business Transformation, Jigsaw

Channel 4 logo

Don't just take our word for it

“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them.”

Rebecca Miller
Channel 4

Mug of coffee

Let’s chat

Book a free 30 min discovery call with our expert team and we’ll advise how we can help.

Contact us