6. GDPR Breaches


What do you need to do if there is a breach of GDPR?

GDPR introduces a duty on all organisations to report certain types of personal data breaches to the relevant supervisory authority (for the UK this is the Information Commissioner's Office (ICO), www.ico.org.uk).

When a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. However, if you decide you don’t need to report the breach, you need to be able to justify this decision, so you should document it.

