Data breaches

Data breaches

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

•
containment and recovery
•
assessment of ongoing risk
•
notification of breach
•
evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

Export Control Joint Unit announces Syria sanctions amendments and licence revocation

The Export Control Joint Unit has announced that amendments to Syria sanctions by the Foreign, Commonwealth and Development Office (FCDO) took effect from 25 April 2025. The changes include the removal of certain export prohibitions and the revocation of the general trade licence previously issued for earthquake relief efforts in Syria. The notice forms part of the ongoing notices to exporters collection addressing embargoes and sanctions.

Main challenges of EU AI Act-GDPR interplay identified by Member States

MLex: Potentially conflicting legal requirements, national governance approaches to ensure regulatory consistency, as well as clear legal advice to minimise the compliance burden, are the main issues seen by EU Member States in the interplay between the EU AI Act and the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR). European governments have pointed out that the two laws' diverging regulatory approaches might lead to conflicting outcomes, which should be avoided with systematic cooperation between the responsible authorities.

Fess up, or wait and see? SFO policy shift stirs DPA debate

Law360, London: The Serious Fraud Office's 'cast iron' promise that companies self-reporting wrongdoing will duck prosecution could lead to a new wave of settlements—but only if other controversial reforms push businesses to the negotiation table, lawyers say.

OFSI announces new and updated General Licences

The Office of Financial Sanctions Implementation (OFSI) has issued new General licence INT/2025/6135848, updated INT/2025/6160920 and amended licence INT/2025/5855272. General licence INT/2025/6135848 permits asset and liability transfers for the UBS-Credit Suisse integration under Russia sanctions regulations. General licence INT/2025/6160920 updates the framework for legal services, replacing the previous licence. OFSI also amended licence INT/2025/5855272 to include the International Maritime Organisation in permitted membership fee payments to international organisations.

View Practice Compliance by content type :

News