TL;DR – The current high variation in breach notifications across EU member states indicates that controllers in some countries don’t take this obligation seriously, which risks a seriously increased impact on affected natural persons.
For example, 2020 breach notification rates in France and Italy were, respectively, just 2.1% and 1.5% of the rate in the Netherlands. The European Data Protection Board needs to achieve consistent adherence to breach notification obligations across all member states.
I also feel the draft guidelines’ interpretation of GDPR data breach risk assessment requirements is significantly inaccurate and understated.