The European Data Protection Board has recently published Guidelines on examples regarding data breach notification. They aim to help data controllers decide how to handle data breaches and what factors to consider when assessing their GDPR obligations.
The Guidelines canvass a range of data breach notification cases considered most frequent by data protection authorities, including ransomware attacks, security incidents with exfiltration, internal compromises, accidental transmissions, and lost or stolen devices and hard copy data.
These Guidelines also highlight the factors that should be given further consideration when conducting a risk assessment and determining whether the obligations to notify a data protection authority or data subject have been triggered.
These Guidelines are currently the subject of public consultation for a period of six weeks.
The European Data Protection Board welcomes comments on the Guidelines 01/2021 on Examples regarding Data Breach Notification.