Å·ÖÞ±­Í¶×¢

Å·ÖÞ±­Í¶×¢, the European Data Protection Supervisor, and ENISA, the EU Agency for Cybersecurity, are co-organising the cyber exercise PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management. This initiative is organised in the framework of the Å·ÖÞ±­Í¶×¢ and - ECSM, on 3 October 2024 from 08:45 to 16:00 in the Å·ÖÞ±­Í¶×¢ premises.

When: 3rd October 2024 from 08:45 to 16:00.

Where: Å·ÖÞ±­Í¶×¢ premises, rue Montoyer 30, Brussels

The aim is to raise awareness about personal data breaches and foster collaborations among EU institutions (EUIs) staff, including IT personnel, Data Protection Officers (DPOs) and Security Officers, to ensure proper mitigation of risks to the data subjects. Through simulation of real-life cybersecurity incidents on a table-top exercise and sharing knowledge and best practices, participants will be able to improve the management of personal data breaches. This first pilot iteration is a closed event involving six teams of EUIs.

In accordance with Articles 34 and 35 of the , the legal framework applicable to the processing of personal data by EU Institutions, all EUIs are legally obliged to notify the Å·ÖÞ±­Í¶×¢ whenever a security incident involving personal data results in a risk to individuals' rights and freedoms. Furthermore, they need to inform the data subjects in case of high risks.

In an environment where the number of cybersecurity incidents in the EU is on the rise and greatly affects the processing of personal data, the PATRICIA exercise is a key component of organised by the Å·ÖÞ±­Í¶×¢ in 2024 as part of its 20th-anniversary activities. It is also part of the - ECSM, EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations.