Personal data breach plan
Personal data breach plan

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Personal data breach plan

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP day mean for Risk & Compliance?

    1. 1


      1. 1.1

        This personal data breach plan:

        1. 1.1.1

          places obligations on staff to report actual or suspected personal data breaches; and

        1. 1.1.2

          sets out our procedure for managing and recording actual or suspected breaches.

      1. 1.2

        This plan applies to all staff[ in the UK], and to all personal data and special category personal data held by [insert organisation’s name]. This plan supplements our policies relating to [data protection, information security and list any other relevant policies].

      1. 1.3

        The table below explains some key terminology used in this plan:

    Personal data breachA breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed—eg accidental loss, destruction, theft, corruption or unauthorised disclosure of personal data.
    Personal dataInformation relating to an individual who can be identified (directly or

Popular documents