w3c
Guide for Data Breach
The GDPR Article 33 and 34 requires keeping records associated with suspicion or occurrence of a data breach and its impacts, including any communications to the data subjects or authorities regarding it. This GUIDE-GDPR-DataBreach will provide guidance to implement machine-readable Data Breach records and notifications using the DPV. The scope of this guide would be to create machine-readable records and notices that can provide the information as required for implementing data breach records, assessments, and notifications according to GDPR requirements. The scope as of now does not include providing tools or libraries for the creation of data breach assessment or notification tools or interfaces or other means to work with this information.
The peer-reviewed article - Towards a Semantic Specification for GDPR Data Breach Reporting authored by DPVCG members Harshvardhan J. Pandit, Paul Ryan, Georg P. Krog, and Rob Brennan is the basis for this work. This will include work conducted in #64 and #100, and the existing draft at https://w3id.org/dpv/guides/data-breach will be updated for new concepts developed in DPV v2.1 and v2.2.
Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org
the risk assessment concepts in #104 are likely to be accepted - this work should be modified to build on them.
Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org
the concepts in #104 have been accepted, this guide should be updated by incorporating those