Data breaches

Copyright © 2025 LexisNexis

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

An organisation’s breach management plan should include:

  1. containment and recovery

  2. assessment of ongoing risk

  3. notification of breach

  4. evaluation and response

To effect this plan, you will first require a data breach team.

See Practice Note: How to manage a personal data breach, which provides practical assistance to organisations faced with a personal data breach, and Precedent: Personal data breach plan for a sample breach management process. This

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest Risk & Compliance News

Why UK sanctions review recommendations lack substance

Law360, London: On 15 May 2025, the UK government published the conclusions of its cross-government review of UK sanctions implementation and enforcement.

OFSI amends General licence INT/2025/5635700 and General Licence INT/2022/2470156

The Office of Financial Sanctions Implementation (OFSI) has announced amendments to two general licences. The changes affect Licence INT/2025/5635700 and Licence INT/2022/2470156, both of which relate to Russian sanctions implementation. The amendments modify existing permissions regarding oil price caps and exempt projects.

Sanctioned company director convicted of failing to give information

Law360, London: A sanctioned company director was convicted in a criminal court in London on 25 June 2025 of failing to adequately respond to a request for information by the UK's sanctions agency.

FCDO issues new Russia sanctions guidance for non-UK businesses

The Foreign, Commonwealth & Development Office (FCDO) has published new guides on UK Russia sanctions compliance for non-UK businesses operating outside the UK. The guides include general compliance principles and country-specific guidance for businesses in Kazakhstan, Uzbekistan, Kyrgyzstan, Georgia and Armenia. The materials aim to help foreign businesses understand UK sanctions requirements and implement risk management procedures.

View Risk & Compliance by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit
Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of rectification, erasure and restriction of processing, data portability, a right to object to processing and a

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the

If a rentcharge is shown as being informally exonerated on title information, does this apply to the current registered owner? Or does the informal exoneration only apply to the parties to the document which informally exonerated the rentcharge?This Q&A considers the situation where, at some

Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit