Managing personal data breaches

The following Risk & Compliance practice note provides comprehensive and up-to-date legal information covering:

  • Managing personal data breaches
  • Data security requirements
  • What is a personal data breach?
  • Why should you worry about personal data breaches?
  • What if you use a data processor?
  • Breach management
  • Data Breach Team
  • Containment and recovery
  • Assess and record the risk
  • Notification of breach

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

This document reflects the UK GDPR regime. References and links to the GDPR refer to the UK GDPR (Retained Regulation (EU) 2016/679) unless expressly stated otherwise.

Data security is a cornerstone of the General Data Protection Regulation (GDPR). The sixth data protection principle (the integrity and confidentiality principle) requires you to take appropriate technical and organisational measures to process personal data in a manner that ensures appropriate security, including:

  1. protection against unauthorised or unlawful processing

  2. protection against accidental loss, destruction or damage

This Practice Note reflects ICO guidance on personal data breaches under the GDPR. It also contains additional useful practical information set out in ICO guidance on data security breach management issued under the previous data protection regime.

Data security requirements

Article 32 puts more flesh on the bones of the GDPR’s integrity and confidentiality principle. You are required to implement appropriate technical and organisational
