6. GDPR Breaches
Breaches
What do you need to do if there is a breach of GDPR?
GDPR introduces a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority (for the UK this is the Information Commissioner's Office (ICO) - www.ico.org.uk).
When a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. However, if you decide you don’t need to report the breach, you need to be able to justify this decision, so you should document it.
If...