Under GDPR, data controllers must report data breaches. These breaches entail “the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data,” according to the Information Commissioner's Office (ICO), and can result from several kinds of incident. They range from hacks to human error to loss of equipment, and so on.
Whilst the rules about exactly what constitutes a data breach are complex, the ICO should only be notified when the breach involves personal data. “Any data which if leaked or hacked could compromise the privacy of individuals need to be considered high-risk,” Mike Shaw, Managing Director of Validium, warns. This includes sensitive data relating to where an employee lives, any criminal convictions, health records, financial details and absence records relating to their mental health. Other types of breaches may require you to notify a sector-specific regulator.