IDPC official delivers educational talk on Personal Data Breaches
24 March 2025
The Office of the Information and Data Protection Commissioner was recently invited by ISACA Malta Chapter to deliver an educational talk. The topic selected for this session was ‘Navigating Security Incidents that lead to Personal Data Breaches from a GDPR perspective’.
As the cybersecurity landscape continues to evolve, organisations of all sizes are increasingly susceptible to sophisticated cyber threats. The European Union Agency for Cybersecurity (ENISA) has reported an alarming rise in cyberattacks, particularly highlighting ransomware and social engineering as some of the most disruptive attacks. The repercussions of these incidents can be extensive, especially when personal data are compromised.
The session delivered by Dr Kathleen Xerri provided a comprehensive overview of the legal requirements related to the handling of security incidents resulting in personal data breaches, in particular the notification obligations imposed on controllers, which emanate from Articles 33 and 34 of the General Data Protection Regulation.
The session also focused on the need to shift from a purely preventative stance to one of preparedness. Despite efforts to prevent them, breaches can still occur. In today's digital landscape, cyber threats are not a matter of "if" but "when." Therefore, organisations should adopt a proactive approach and implement a well-defined incident response plan. Effectively navigating the intricacies of incident response is crucial, not only for minimising potential damage to the organisation, but also for mitigating the risks to the rights and freedoms of the affected data subjects.
