  • Advice

    Personal data breaches can be defined as unauthorised access of data security leading to the accidental or unlawful destruction, loss, alteration, disclosure of, or access to personal data stored by the company. All security breaches must be addressed by the Employer or business.


    Breaches may include:

    • Data accessed by an unauthorised third party;
    • Deliberate or accidental action (or inaction) by a controller or processor;
    • Sending personal data to an incorrect recipient;
    • Computing devices containing personal data being lost or stolen;
    • Alteration of personal data without permission; and
    • Loss of availability of personal data.


    Notifying the ICO 

    In the event of a data breach, the General Data Protection Regulation (GDPR) imposes guidelines on all companies to report breaches to the relevant supervisory authority within 72 hours. Employers must consider whether the breach is likely to result in a high risk of negatively affecting an individual’s rights and freedoms.


    If there’s likely to be a risk to the rights and freedoms of people, you must notify the ICO. If a risk is unlikely, you don’t have to report it.


    In any case, you should record the breach, noting:

    • A description of the nature of the personal data breach;
    • Categories and approximate number of individuals concerned; 
    • Categories and approximate number of personal data records concerned; 
    • The names and contact details of the data protection officer where more information can be obtained; 
    • A description of the likely consequences of the personal data breach; and 
    • A description of the measures taken, or proposed to be taken, to deal with the personal data breach, including measures taken to mitigate any possible adverse effects.



    A breach must be reported to the ICO without delay, generally no later than 72 hours after becoming aware of the breach. If the business or the employer fails to notify the ICO of the breach within the allotted time limit, and without proper reason for late notification, the business may be heavily fined.


    Notifying an individual about a breach 

    If a breach is likely to cause a high risk to the rights and freedoms of individuals, then you must inform them directly and without delay, especially if there is a need to mitigate the risk or damage to the affected individual(s). When you notify them, you should describe in clear and plain language:

    • The name and contact details of your data protection officer;
    • A description of the consequences likely to arise from the breach of personal data; and 
    • A description of the measures taken to deal with the breach, and measures to mitigate any possible adverse effects. 


    How we can help

    If you have been the subject of a data breach, you should report the matter without delay. Should you feel that such a breach warrants our involvement, we would be delighted to receive your instructions. To initiate a case, simply click on the link at the top of the page. Should you wish to start a case, the caseworker will send you the suitable payment link.


    Please note your caseworker can only give generic advice; their role is to prepare your details for handling by our legal team and medical consultant and to act as your point of contact. They will also issue you with your Password and PIN, which will be needed to log on to your client dashboard. From your dashboard you will be able to manage and view every aspect of your case and upload documents, images, files etc.
