EDPB clarifies personal data breach notification requirements for non-EU controllers
On 28 March 2023, the European Data Protection Board (“EDPB”) adopted updated guidelines on the obligation for non-EU established controllers to notify supervisory authorities (“SA”) following a personal data breach. Article 4(12) of the General Data Protection Regulation (“GDPR”) stipulates that a personal data breach occurs when there is an “accidental or unlawful destruction, loss,…