A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?
Breach of Assimilated Regulation (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), can expose commercial organisations to fines of up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.
An organisation’s breach management plan should include:
containment and recovery
assessment of ongoing risk
notification of breach
evaluation and response
To effect this plan, you will first require a data breach team.
See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This process is intended to