We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Internal Communications
  • Need to know

    Need to know
  • Latest news

    Latest news
  • Events and Activities

    Events and Activities
  • Lectures and Seminars

    Lectures and Seminars

GDPR - Personal Data Breaches and Incidents

(8 June 2018)

Managing personal data is not without risk. The University tries to implement processes and systems that minimise risks and trains staff to manage information appropriately. However, there are internal and external factors that can result in inappropriate disclosure or loss of personal data, or that can highlight where there are vulnerabilities that may need addressing. Under the GDPR there are much tighter deadlines for us to identify and take action when these instances occur or are identified. The GDPR allows us only 72 hours from becoming aware to notifying the ICO if the impact of the breach is significant. For more information about data protection and information governance, please visit the Information Governance webpages.

You can do your bit to help by reporting incidents in a timely manner:

Have something to include?

Please liaise with the designated contact for your department or college. For further guidance, email

Get in touch