Skip to main content Skip to navigation

Data Incidents and breaches

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, authorised disclosure of, or access to, personal data.The University has procedures in place to contain, mitigate, manage and notify a personal data breach. Please, use the reporting form in the link below:

Personal Data Breach Procedure and Breach Reporting Form or email: dpo at warwick dot ac dot uk

The University’s data breach reporting requirements to the ICO

The University is not under a legal obligation to report every data breach to the ICO.

The IDC take into account the GDPR, ICO guidance, EU guidance and the ICO’s self-assessment tool to determine whether a data breach requires reporting.

The University’s reporting requirements to individuals

Where the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms the University is required to inform those individuals without undue delay.

The University’s obligations to record data breaches

The University must also keep a record of any personal data breach, regardless of whether it is reportable.

Role of the DPO in data breach incidents

The DPO is responsible for investigating a data breach incident as part of her statutory task to monitor compliance and will follow the data breach reporting obligations as set out in the GDPR and regulatory guidance.