6 July 2021

Lessons learned from personal data breaches and their notifications


A requirement for controllers to notify supervisory authorities (SA) and individuals about personal data breaches (Articles 33 and 34 of GDPR) is a new addition to the EU data protection framework. This requirement has joined the extensive list of attempts to secure (individuals’) data. The understanding of this requirement has been shaped by pragmatic business perspective (i.e., how to get this requirement right and optimise your resources during this process) and more recently by SA enforcement actions. In view of the latter during the event, we will discuss what data breaches and their notifications to SAs and individuals have revealed about the GDPR.

In particular, the participants will elaborate on the following questions:

  • How do notification requirements concerning data personal data breaches interact with data protection principles (Article 5 of GDPR) and other GDPR provisions?
  • What actions do supervisory authorities take in response to personal data breach notifications?

Confirmed speakers:

  • Katharina Mayrhofer, Österreichische Datenschutzbehörde (Austrian Data Protection Authority)
  • David Stevens, Autorité de protection des données – Gegevensbeschermingsautoriteit (Belgian Data Protection Authority)
  • Gintare Pazereckaite, Secretariat of the European Data Protection Board
  • Shara Monteleone, Garante per la protezione dei dati personali (Italian Data Protection Authority)
  • Nicola Harrison, Data Protection Commission (Irish Data Protection Authority)
  • Marit Hansen, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD, Kiel Data Protection Authority)
  • Jelena Burnik, Information Commissioner (Slovenian Data Protection Authority)


  • Lina Jasmontaite (VUB, LSTS, BPH)


Time: 6 July 2021, 15:00 - 17:00 (Brussels time)


15:00 – 15:05 Opening word

15:05 – 15:55 Discussion on interaction between data breach notifications & GDPR principles as well as other provisions


15:55 – 16:05 Q&A session

16:05 – 16:40 Discussion on actions taken by SAs in response to personal data breach notifications


16:45 – 16:55 Q&A session


16:55 – 17:00 Wrap up & closing remarks

Venue: online. The platform, together with the link to attend the event, will be communicated to the registered participants in due course.

Registration: The event is free to attend but registration is required. Should you face any difficulties with the registration form, please send an e-mail to info@brusselsprivacyhub.eu

Connect with us

Brussels Privacy Hub

Law Science Technology & Society (LSTS)

Vrije Universiteit Brussel

Pleinlaan 2 • 1050 Brussels




Stay informed

Keep up to date of our activities and developments. Sign up to our newsletter:

My Newsletter

Copyright © Brussels Privacy Hub