Personal data breach plan

The following Risk & Compliance precedent provides comprehensive and up-to-date legal information covering:

  • Personal data breach plan

1.

  1.1 This personal data breach plan:

    1.1.1 places obligations on staff to report actual or suspected personal data breaches; and

    1.1.2 sets out our procedure for managing and recording actual or suspected breaches.

  1.2 This plan applies to all staff[ in the UK], and to all personal data and special category personal data held by [insert organisation’s name]. This plan supplements our policies relating to [data protection, information security and list any other relevant policies].

  1.3 The table below explains some key terminology used in this plan:

    Personal data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed—eg accidental loss, destruction, theft, corruption or unauthorised disclosure of personal data.

    Personal data: Information relating to a living individual who can be identified (directly or indirectly) from that information.

    Data subject: The individual to whom the personal data relates.

    Special category personal data (sometimes known as sensitive personal data): Personal data about an individual’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership (or non-membership), genetic information, biometric information (where used to identify an individual) and information concerning an individual’s health, sex life or sexual orientation.

    [[Data protection officer (DPO) OR Data protection manager (DPM)]]: [The person we appoint from time to time to [lead OR be involved]
