Data breaches

Copyright © 2025 LexisNexis

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

  1. containment and recovery

  2. assessment of ongoing risk

  3. notification of breach

  4. evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

Jonathan Fisher KC updates on fraud offences and disclosure reform progress

Chair of the Home Office Independent Review of Disclosure and Fraud Offences, Jonathan Fisher KC has published an update outlining the progress of the review's second phase. The update identifies three focus areas: whistleblowing mechanisms for fraud detection, sentencing reform and technological/legislative changes. Fisher reports consulting over 120 stakeholders across the justice system and plans to submit final recommendations to the Home Secretary by end-2025. The review examines the Fraud Act 2006's effectiveness for internet fraud cases, which now constitute 43% of all recorded crime in England and Wales.

AI risks leaving UK businesses exposed to insurance gaps

Law360, London: Businesses that replace workers with artificial intelligence (AI) tools could face difficulties when they make claims under standard negligence insurance policies after consumers lose out, lawyers say.

Risk & Compliance weekly highlights—3 July 2025

This week's edition of Risk & Compliance weekly highlights includes: an analysis of the DUAA 2025 and its implications for UK data protection, OFSI’s updated general licences and new confidential reporting guidance, a Red Alert on Russian oil sanctions evasion, US sanctions targeting cybercrime infrastructure, and the SFO’s expanded international anti-corruption efforts.

OFSI updates UK Financial Sanctions FAQs

The Office of Financial Sanctions Implementation (OFSI) has updated its UK Financial Sanctions FAQs, adding FAQ 149 on ‘What constitutes an economic resource?’, FAQs 150–151 relating to Crown Dependencies and Overseas Territories and FAQ 152 on ‘When should securities held at designated local Russian registrars be reported to OFSI?’. Additionally, FAQs 123–124 have been moved to the withdrawn FAQs document.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an
Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an