Managing Data Breaches Between Data Protection and Cybersecurity.
Conference organized by Paradigma S.p.A. - 3 April 2025.

The program features technical-legal presentations by leading experts in the field. Key topics include:
- Definition and types of data breaches under the GDPR and EDPB Guidelines 1/2021: ransomware attacks, data exfiltration, human errors and misdirected communications, lost or stolen devices, breaches caused by poor password management or AI misuse.
- Risk assessment and criteria triggering the notification obligation: ENISA methodology, accountability, and the DPO’s role.
- Sanctioning and remedial consequences of data breaches: corrective powers of supervisory authorities, administrative fines, and compensatory liability, with analysis of the most recent case law.

1. Notification to the Supervisory Authority (Article 33 GDPR)
- The moment when a controller becomes “aware” of a breach.
- Obligations of processors and joint controllers.
- Mandatory contents of the notification and the possibility of phased reporting, with the missing information supplied "without undue further delay" (Article 33(4)).
- Situations where notification is not required.
- When and how to inform affected individuals (communication to data subjects, Article 34 GDPR).
- What information to provide and in what format.
- Criteria for exemption from notification (e.g., encrypted data or risk mitigation measures).
- Official interpretations and practical scenarios clarifying notification thresholds.
- Analysis of common errors in notifications submitted by organizations.
- How to prepare for a breach: internal templates and procedures.
- Managing the tight GDPR timeframe (72 hours from becoming aware of the breach, Article 33(1)).
- Coordinating with the DPO and internal incident response teams.
