Data breaches

A is a which leads to the unauthorised destruction, loss, alteration, disclosure of or access to , whether accidental or deliberate. This section will help you to understand what a involves and what your legal obligations are for responding to one. It includes guidance about the practical steps you should take to contain a , whether you need to notify affected individuals and when and how you must notify the .

Checklist for responding to a data breach

This checklist for responding to a data breach takes you through the steps you should take once you become aware of a personal data breach in your business (where personal data has been accidentally or illegally destroyed, lost, stolen or disclosed). This checklist includes the steps that you are legally required to take, depending on the circumstances of the breach. Failure to take the necessary steps after a personal data breach can result in very serious consequences, including significant fines.

Notice of a personal data breach (affected individuals)

This template Notice of a personal data breach (affected individuals) will allow you to produce a letter to send to any individuals who have been affected by a personal data breach in your business, where their personal data has been accidentally or illegally destroyed, lost or disclosed. You have a legal requirement to inform affected individuals where the breach carries a high risk to their rights and freedoms. In the most serious cases, failure to notify the affected individuals of a personal data breach can result in a significant fine. You can also purchase this document as part of the Data breach toolkit .
£10 + VAT
See all solutions