Personal data breaches are a fact of life for every organisation – from ransomware attacks and phishing to sending emails to the wrong recipients. Knowing what to do in these situations is key. The ICO’s timeline for reporting a personal data breach is 72 hours from when you become aware of the breach. This tight timeframe means that your organisation needs to be able to hit the ground running to deal with the incident and minimise the risk to data subjects. This is vital to retain the trust of your customers, donors and others.

Research shows that data breaches lower levels of trust in organisations’ ability to handle personal data correctly. Having a robust system in place and implementing it effectively will help you to recover faster and ensure that you retain the confidence of those individuals whose data you hold.

This session helps you to ensure that you can navigate a personal data breach quickly and efficiently. We will take you through every step of a personal data breach, using a scenario based on a real incident. The session will encompass:

  • How to identify a personal data breach
  • How to calibrate the level of risk to data subjects
  • When to report a personal data breach to the ICO
  • When to tell individuals about the breach
  • Practical tips on the reporting process
  • Steps to take to mitigate risks in the future

By the end of the session participants will be better able to:

  • Take a practical approach to a data breach
  • Understand the level of risk and what needs to be done
  • Navigate the reporting requirements to the regulator and individuals
  • Manage potential legal and reputational consequences.