6. GDPR Breaches
What do you need to do if there is a breach of GDPR?
GDPR introduces a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority (for the UK this is the Information Commissioner's Office (ICO) - www.ico.org.uk).
When a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. However, if you decide you don’t need to report the breach, you need to be able to justify this decision, so you should document it.