Data breaches

Copyright © 2025 LexisNexis

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

  1. containment and recovery

  2. assessment of ongoing risk

  3. notification of breach

  4. evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

OFSI updates general guidance on UK financial sanctions

The Office of Financial Sanctions Implementation (OFSI) has updated its general guidance on UK financial sanctions to include Designated Money Service Businesses as a licensing ground under section 6.6. This licensing ground permits OFSI to issue licences that allow funds to be returned to non-designated persons from designated Money Service Businesses, provided specific conditions are met.

OFSI and HMT update guidance on Russian Oil Services ban

The Office of Financial Sanctions Implementation (OFSI) and HM Treasury (HMT) have updated the Tier 2/3 notification that Tier 1 Provider has not confirmed compliance with reporting requirements under INT/2022/2469656 form, as part of their guidance on the Russian Oil Services ban.

Risk & Compliance weekly highlights—24 July 2025

This week's edition of Risk & Compliance weekly highlights includes: all the latest news on sanctions, including the world’s first sanctions regime targeting irregular migration gangs, publication of the long-awaited fourth national money laundering and terrorist financing risk assessment, publication of the government’s response to its 2024 consultation on the Money Laundering Regulations 2017, an update on the government’s ransomware consultation, and the latest whistleblowing developments.

UK considering AI legislation, preparing consultation, Minister for Science says

MLex: The UK is considering drafting legislation for artificial intelligence technologies and is preparing a consultation on the bill’s coverage, the Minister for Science.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some
Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?This Q&A draws on the Information Commissioner’s Office’s (ICO’s) guidance on business-to-business marketing, which may or may

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some