A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is about more than just losing personal data.
Responding to a personal data breach
- We have in place a process to assess the likely risk to individuals as a result of a breach.
- We know who is the relevant supervisory authority for our processing activities.
- We have a process to notify the Data Protection of a breach within 72 hours of becoming aware of it, even if we do not have all the details yet.
- We know what information we must give the Data Protection about a breach.
- We have a process to inform affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
- We know we must inform affected individuals without undue delay.
- We know what information about a breach we must provide to individuals, and that we should provide advice to help them protect themselves from its effects.
- We document all breaches, even if they don’t all need to be reported.