Personal Data Breach: What do you need to consider under GDPR?
With many changes to our working practices on the horizon, it’s easy to forget the importance of understanding what to do when things go wrong. GDPR sets out specific requirements for what we should do if we have caused a “personal data breach”, none more obvious than the need to report it within, ideally, 72 hours.
First let’s consider the definition of a Personal Data Breach: “A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are a result of both accidental and deliberate cause. It also means that a breach is more than just about losing personal data.”
Firms have a duty to report certain types of data protection breaches to relevant authorities within 72 hours of when the firm is first aware of the breach. However, we are not obliged to report all breaches, so what should we do to understand whether the requirement applies to us or not? Well, when a breach has occurred you should...