Data breaches

Data breaches

This subtopic reflects notification requirements in Assimilated Regulation (EU) 2016/679, the UK GDPR Data Protection Regulation (UK GDPR) and draws on guidance published by the Information Commissioner's Office (ICO) to provide practical assistance on managing a personal data breach. It also contains information previously set out in ICO guidance on data security breach management which predated UK GDPR, but contained additional useful practical information.

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. See Practice Note: How to manage a personal data breach—What is a personal data breach?

Breach of the UK GDPR can expose commercial organisations to fines up to £17.5m or 4% of the total worldwide annual turnover, whichever is higher.

Breach management

The ICO recommends that an organisation’s breach management plan should consist of the following four elements:

•
containment and recovery
•
assessment of ongoing risk
•
notification of breach
•
evaluation and response

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Practice Compliance weekly highlights—21 November 2024

This week's edition of Practice Compliance weekly highlights includes: the latest financial sanctions updates, three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection, initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB), and new guidance from the SRA on internal investigations, together with a suite of guidance for in-house solicitors.

New Practice Compliance forecast as at 20 November 2024

Our new Practice Compliance forecast (as at 20 November 2024) is now live. This month we report on items including: (1) publication of the long-awaited government guidance on the failure to prevent fraud offence; (2) consultation by the Financial Action Task Force (FATF) on proposed changes to FATF Standards and updates to grey listing criteria by FATF to increase focus on risk; (3) Transparency proposals and future Scheme Rules changes by the Legal Ombudsman (LeO), and (4) SRA consultation on the publication of regulatory decisions, updates to financial penalty regime and client money in legal services.