Since the entry into force of the GDPR, data protection authorities (DPAs) have closely cooperated to adopt a growing number of one-stop-shop decisions on data security and data breaches. The one-stop-shop case digest on security of processing and data breach notification offers valuable insights into how DPAs have interpreted and applied GDPR provisions on security and data breaches in diverse scenarios, such as hacking, ransomware, or accidental data disclosure. It also refers to available guidance at EU level, relevant cases before the Court of Justice of the European Union, as well as decisions and guidance adopted at national level.

The EDPB commissioned the one-stop-shop case digest as part of the Support Pool of Experts programme, which aims to support cooperation among DPAs by providing expertise and tools related to enforcement.

Project conducted by external expert Prof. Eleni Kosta and completed in November 2023.

Objective

Thematic one-stop-shop case digests are drafted on the basis of one-stop-shop decisions taken from the EDPB’s public register (based on Article 60 of the GDPR). Such case digests complement the EDPB's public register by selecting and presenting the most important decisions on a given theme and providing an overview and aggregate results of relevant decisions on this theme.