Data breach in a business

A data breach occurs when data has been compromised in some way (for example, disclosed to the wrong individual, lost, mislaid, or deleted in error). If a supplier experiences a data breach, they need to report it to the Council as soon as possible and investigate what led to the breach and what action now needs to be taken to mitigate or contain its impact. The Council has a data breach form that can help with the assessment.

Should a data breach occur that is likely to result in a risk to individuals' rights and freedoms, there will be a direct obligation under the GDPR to inform the Information Commissioner's Office within 72 hours of the breach taking place. Processors can now be directly penalised for data breaches and receive fines for non-compliance.