
What should businesses do if a data breach occurs?

Under the GDPR, personal data controllers are required to report personal data security breaches to the data protection authority within 72 hours of becoming aware of the breach.

Not all breaches are reportable. It is essential that you create a robust plan for detecting and identifying breaches quickly, escalating them through your organisation, assessing and containing the breach, reporting to the ICO (and possibly individuals) where necessary, and taking steps to ensure breaches do not reoccur.

We set out in the flowchart below some key considerations for deciding whether a breach is reportable. As well as any obligation on the data controller to self-report to the ICO, in all cases there is a duty to contain any security breach, mitigate its effects and keep a detailed record of all incidents (even those you decide not to report to the ICO).

Please note breach reports can be made via the ICO website form or by telephone.

 
