GDPR - Personal Data Breaches and Incidents
(8 June 2018)
Managing personal data is not without risk. The University tries to implement processes and systems that minimise risks and trains staff to manage information appropriately. However, there are internal and external factors that can result in inappropriate disclosure or loss of personal data, or that can highlight where there are vulnerabilities that may need addressing. Under the GDPR there are much tighter deadlines for us to identify and take action when these instances occur or are identified. If the impact of a breach is significant, the GDPR allows us only 72 hours from becoming aware of it to notify the ICO. For more information about data protection and information governance, please visit the Information Governance webpages.
You can do your bit to help by reporting incidents in a timely manner:
- Ensure that reporting lines are understood, documented and communicated, particularly with regard to external third parties.
- Report actual or suspected loss or breach of data.
- Report a personal data breach.
- Report an information security incident or weakness.
- Comply with any investigation and provide evidence where required.