Proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

With the Data Act, the EU Commission intends to enact comprehensive rules for a fair and innovative data economy in the EU and thus, in particular, specify who is entitled to make commercial use of non-personal data generated in the EU, especially data collected, obtained or otherwise generated by connected products or related services in the so called internet of things (IoT).
However, the General Data Protection Regulation (GDPR) continues to apply to the processing of personal data by manufacturers of products and providers of services as well as the right to access personal data.

March 14, 2023, press conference by Pilar del CASTILLO VER (Rapporteur) and Thierry BRETON (Commissioner for the Internal Market) on the proposal for a regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data [Data Act; 2022/0047 (COD)]

European Data Protection Board (EDPB) Guidelines 01/2021 on Examples regarding Personal Data Breach Notification [Version 2.0]

The European Data Protection Board (EDPB) Guidelines 01/2021 on Examples regarding Personal Data Breach Notification [Version 2.0] contain useful information regarding the assessment of the data breach notification obligation under article 33 GDPR and article 34 GDPR. Furthermore, these guidelines include a list of various exemplary scenarios and considerations as to whether or not there is an obligation to notify the competent supervisory authority (article 33 GDPR) and/or an obligation to inform the data subjects (article 34 GDPR) based on the assessment of the specific risks to the rights and freedoms of natural persons.

123