This document is intended to complement the Guidelines WP 250 and it reflects the common experiences of the Data Protection Authorities of the EEA since the GDPR became applicable. Its aim is to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.
Note: This is a draft version of document.