Does a company need to report a lost or stolen laptop under the GDPR?

Author: Secretariat | Filed under: General News

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen laptop, whether notification will be required depends on whether the data was encrypted or password-protected and on the sensitivity of the data contained on the device. The EDPB states that strong encryption would permit a controller to avoid notification, although the event should be internally documented pursuant to Article 34.

In contrast, notification to both the supervisory authority and the individuals would be required if large amounts of unencrypted personal information were contained on the lost or stolen device, even if the personal data itself was not sensitive.

The guidance is not clear about whether use of a strong password alone, but not encryption, would be sufficient to avoid notification. If the data protected by the password is highly sensitive, then a supervisory authority may find that notification is required, notwithstanding the use of a password.

Source: The National Law Review
