Sound the alarm: Reporting data breaches under GDPR

Under GDPR, data controllers must report data breaches. These breaches entail “the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data,” according to the Information Commissioner's Office (ICO), and can arise in several ways. They range from hacks to human error to loss of equipment, and so on.

Whilst the rules about exactly what constitutes a data breach are complex, the ICO should only be notified when the breach involves personal data. “Any data which if leaked or hacked could compromise the privacy of individuals need to be considered high-risk,” Mike Shaw, Managing Director of Validium, warns. This includes sensitive data relating to where an employee lives, any criminal convictions, health records, financial details and absence records relating to their mental health. Other types of breaches may require you to notify a sector-specific regulator.
