Personal data breach plan

Copyright © 2025 LexisNexis
Published by a LexisNexis Risk & Compliance expert
Precedents

Personal data breach plan

Copyright © 2025 LexisNexis

Published by a LexisNexis Risk & Compliance expert

Precedents
imgtext

    1. 1

      Introduction

      1. 1.1

        This Personal data breach plan:

        1. 1.1.1

          places obligations on staff to report actual or suspected personal data breaches; and

        1. 1.1.2

          sets out our procedure for managing and recording actual or suspected breaches.

      1. 1.2

        This plan applies to all staff[ in the UK], and to all Personal data and special category personal data held by [insert organisation’s name]. This plan supplements our policies relating to [insert policies, eg Data protection, information security and any other relevant policies].

      1. 1.3

        The table below explains some key terminology used in this plan:

    TermMeaning
    Personal data breachA breach of data security leading to the:—accidental or unlawful destruction of;—loss of;—alteration of;—unauthorised disclosure of; or—access to;personal data transmitted, stored or otherwise processed, eg accidental loss, destruction, theft, corruption or unauthorised disclosure of personal data.
    Personal dataInformation relating to a living individual who can be identified (directly or indirectly) from that information.
    Data subjectThe individual to whom the personal data relates.
    Special category personal data (sometimes known as sensitive personal data)Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membershipGenetic dataBiometric data (where used for
Powered by Lexis+®
Jurisdiction(s):
United Kingdom
Key definition:
Personal data definition
What does Personal data mean?

Personal data means data relating to a living individual who can be identified from such data, either alone or with other information in the data controller’s possession. It includes opinions about, and intentions in relation to the data subject.

Read more readmore

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an