Data breaches

Copyright © 2025 LexisNexis

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

  1. containment and recovery

  2. assessment of ongoing risk

  3. notification of breach

  4. evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Practice Compliance News

FCDO announces West Bank sanctions and pauses Israel trade talks

The Foreign, Commonwealth & Development Office, represented by Hamish Falconer MP and the Rt Hon David Lammy MP, announced new sanctions against three individuals, two illegal settler outposts and two organisations that have supported, incited or promoted violence against Palestinian communities in the West Bank. The measures, which include asset freezes, travel bans and director disqualifications, have been introduced in response to a significant escalation in settler violence – with the United Nations recording over 1,800 such attacks since January 2024. In addition, the Foreign Secretary declared a formal pause to negotiations on a new free trade agreement with Israel, although the government remains committed to the existing trade framework. His statement to Parliament unequivocally condemned the Israeli government’s policies in both the West Bank and Gaza, specifically its extensive ground operation in Gaza, which has raised serious humanitarian concerns such as the threat of starvation and forced displacement of Gazan civilians. The announcement was bolstered by a joint statement from the Prime Minister alongside the leaders of France and Canada, who also expressed strong opposition to the expansion of military operations and illegal settlements, underscoring the view that continued non-compliance could result in further action.

UK sanctions regime review lacks detail on beefing up meager enforcement

MLex: UK government plans to consolidate sanctions lists and speed up enforcement of civil-law breaches will be welcomed as aims, but the new plan fails to grasp the nettle of patchy enforcement. The latest look at the sanctions regime appears largely silent on how to improve matters: The government said it would look to increase the deterrent effect of enforcement, but appeared not to mention any new resources for investigators.

OFSI issues two General Licences for wind down and insurance payments

The Office of Financial Sanctions Implementation (OFSI) has issued two General Licences under The Russia (Sanctions) (EU Exit) Regulations 2019, SI 2019/855. General Licence INT/2025/6275812 permits the wind down of positions involving St Petersburg Currency Exchange and Non-bank Credit Organization Joint-Stock Company Petersburg Settlement Center. General Licence INT/2025/6279615 allows insurance premium payments to the Deposit Insurance Agency, creating a specific exemption from existing Russia sanctions restrictions.

Cross-governmental review of UK sanctions implementation and enforcement

The Foreign, Commonwealth & Development Office (FCDO), in partnership with HM Treasury, the Department for Business and Trade, the Department for Transport, HM Revenue & Customs, and the National Crime Agency, has published a policy paper outlining a cross-governmental review of the UK's sanctions implementation and enforcement. Initiated by the Minister for Europe in October 2024, the review aims to strengthen the enforcement model by focusing on compliance, deterrence, and enforcement powers, informed by external expert input. For the financial year 2025 to 2026, the government has committed to implementing several of the review’s recommendations. These include establishing a single sanctions list, publishing a government-wide sanctions enforcement strategy and consulting on an early civil settlement scheme for financial sanctions breaches and an accelerated civil penalty process. Longer-term plans involve enhancing intelligence sharing and supporting civil enforcement in overseas territories.

View Practice Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

Financial clean break orders in family proceedings

Financial clean break orders in family proceedingsDuty of the court to consider a clean breakAlthough there is no presumption in favour of there being a financial clean break between parties on divorce, the court is under a duty to consider whether it would be appropriate to exercise its powers so

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.This Practice Note considers the general rule set out in Article 4 of Regulation (EU) 1215/2012, Brussels I (recast) when determining the relevance of a defendant’s domicile to
Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

Financial clean break orders in family proceedings

Financial clean break orders in family proceedings

Financial clean break orders in family proceedingsDuty of the court to consider a clean breakAlthough there is no presumption in favour of there being a financial clean break between parties on divorce, the court is under a duty to consider whether it would be appropriate to exercise its powers so

Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]

Brussels I (recast)—domicile (Arts 4 and 63) [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.This Practice Note considers the general rule set out in Article 4 of Regulation (EU) 1215/2012, Brussels I (recast) when determining the relevance of a defendant’s domicile to