Data breach—panic sheet

The following Risk & Compliance precedent provides comprehensive and up-to-date legal information covering:

  • Data breach—panic sheet

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

1. Data breach team

Damage limitation is a priority immediately following a security breach. You will need a team of people to manage the data breach.

What should you do?

☐ Assemble a data breach team, including your Data Protection Officer (DPO) (if you have one), head of legal/compliance, head of IT and head of HR (if employee data is involved).

☐ Appoint someone to lead the team (preferably not your head of IT).

2. Preliminary notifications

Your first instinct may be to tell affected individuals and regulators about the breach, but you need more information before you can decide whether this is necessary or desirable—the time limit for notifying the Information Commissioner’s Office (ICO) under the General Data Protection Regulation (GDPR) is 72 hours from becoming aware of the breach and the GDPR Recitals suggest you
