Data breaches

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

A breach of Assimilated Regulation (EU) 2016/679, the UK General Data Protection Regulation (UK GDPR), can expose commercial organisations to fines of up to £17.5m or 4% of total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

  1. containment and recovery

  2. assessment of ongoing risk

  3. notification of breach

  4. evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This
