Data Breach Support Service
No matter how hard an organisation tries, data breaches are a fact of life. They happen regularly – some are more serious than others.
According to the UK GDPR, a breach is:
“a breach of [your] security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”
There is guidance as to what counts as destruction, loss, alteration or disclosure.
Typical examples of breaches are:
Access to personal data by an unauthorised third party;
Sending personal data to an incorrect recipient, for instance by email or in the post
Loss or theft of laptops, tablets, phones …
Alteration of personal data without permission; and
Loss of availability of personal data
If you suffer a personal data breach, you need to act quickly to find out what has happened and assess the risk of harm to individuals. Unless risk of harm is unlikely, the matter needs to be reported to the ICO.
The ICO will expect a report without undue delay and at the latest within 72 hours of discovery of the breach. They expect you to be able to tell them certain matters, such as what happened, the effect upon individuals and what you are doing to put matters right.
If a breach poses a high risk of harm to individuals, you need to tell them as well and provide certain information.
DPA/OK is able to support you if you suffer a personal data breach and can call in specialist support if the breach is of a technical nature.