Sound the alarm: Reporting data breaches under GDPR

Under GDPR, data controllers must report data breaches. These breaches entail “the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data,” according to the Information Commissioner's Office (ICO), and can occur in several ways. They range from hacks, to human error, to loss of equipment, and so on.

Whilst the rules about exactly what constitutes a data breach are complex, the ICO should only be notified when the breach involves personal data. “Any data which if leaked or hacked could compromise the privacy of individuals need to be considered high-risk,” Mike Shaw, Managing Director of Validium, warns. This includes sensitive data relating to where an employee lives, any criminal convictions, health records, financial details and absence records relating to their mental health. Other types of breaches may require you to notify a sector-specific regulator.
