Personal Data Breach

A personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. 

The above definition, however, does not take into account the impact of the breach, which must be considered when deciding whether the breach is to be reported to the supervisory authority.

  • A breach which, it is believed, could result in a risk to the data subject must be reported to the supervisory authority within 72 hours of becoming aware of it; prompt reporting of incidents is therefore essential.
  • A breach which, it is believed, could result in a high risk to the data subject must also be reported to the data subject.

The most important point for any colleague to understand is to report any incident which meets the definition above, so that an incident investigator can assess the breach and determine whether it should be reported and how it should be treated.

Mark Roebuck

Building a career around data-led programme management, Mark recognised that existing data compliance solutions were complex and difficult for clients to use. Frustrated with the options, he founded ProvePrivacy to provide an effective and simple-to-use data protection compliance solution.

Copyright:  All information and articles provided represent the views of ProvePrivacy Limited and our contributors.  They do not constitute legal or data protection advice. All rights reserved.
