The following Risk & Compliance Q&A provides comprehensive and up-to-date legal information covering:
This Q&A considers whether commercial organisations are obliged to comply with GDPR personal data breach reporting requirements during the coronavirus (COVID-19) epidemic.
You must notify the ICO of a personal data breach without undue delay and, where feasible, not later than 72 hours after having become aware of it. The only exception is where the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. This will require some sort of preliminary assessment of the severity of the data breach in advance of making a decision about whether to notify.
This approach is endorsed in WP 29, Guidelines on Personal data breach notification:
‘After first being informed of a potential breach…or when it has itself detected a security incident, the controller may undertake a short period of investigation in order to establish whether or not a breach has in fact occurred. During this period of investigation the controller may not be regarded as “being aware”. However, it is expected that the initial investigation should begin as soon as possible and establish with a reasonable degree of certainty whether a breach has taken place; a more detailed investigation can then follow.’
Where the ICO notification is not made within 72 hours, you must give reasons for the delay.
Reports are made via the ICO’