Data breach assessment and action plan
Data breach assessment and action plan

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Data breach assessment and action plan

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

    1. 1

      Data breach team

      The first step is to assemble a team to manage and respond to the breach.

      Data breach team lead[Insert the name or description of the person who will lead the data breach team, eg DPO]
      [Data protection officer (DPO)][[Insert name]]
      Head of legal[Insert name]
      Head of compliance[insert name]
      Head of IT[Insert name]
      [Insert any other, eg Head of HR if the breach involves employee data][Insert name]
    1. 2

      Background information

      Refer to the data breach report form, if appropriate.

      Name of person notifying the actual or suspected breach[Insert name]
      Dept and manager[Insert department from which the report emanates and manager for that department]
      Date of actual or suspected breach[Insert date]
      Date of discovery of actual or suspected breach[Insert date]
      Date actual or suspected breach notified internally[Insert date]
    1. 3

      Preliminary assessment

      As soon as possible, you should take steps to

Popular documents