Pursuant to Article 33 of Regulation (EU) 2016/679, data controllers are obliged to notify the supervisory authority of a personal data breach. The Commission for Personal Data Protection (CPDP), which is the supervisory authority in the Republic of Bulgaria, processes the notifications received, examines and assesses the specific facts and circumstances, and carries out comprehensive monitoring and analysis of the processes relating to the type and characteristics of the information contained in the notifications.
It is the primary responsibility of controllers and processors to implement appropriate technical and organisational measures to ensure data security.
In recent months, the CPDP has seen an increase in data breach notifications regarding cybersecurity breaches. In this regard, and in order to promote the awareness of controllers and processors of their obligations stemming from the applicable data protection legislation, the CPDP has published a short document containing advice on improving information security – HERE.