Massive online personal data breaches continue to be a growing issue given their detrimental effects in terms of both data protection and cybersecurity. These events have become a valuable source of information for cybercriminals, who are increasingly abusing the leaked personal data of affected individuals to carry out more effective and efficient cyberattacks. This session will tackle this growing problem and discuss potential initiatives to complement measures taken by data controllers in order to assist them in the task of notifying individuals and preventing further damage to them. It will analyse existing initiatives from a data protection angle and explore their potential to complement the current GDPR implementation measures for data breach notifications. The panel will also take a prospective look at possible novel EU initiatives to reinforce and complement existing strategies in this regard.