GDPR : Reporting Personal Data Breaches
The University is required to keep a record of all security incidents involving personal data. Reportable incidents must be reported to the Information Commissioner by the Data Protection Officer (DPO) of the University of Warwick, within 72 hours of detection, and without undue delay to individuals affected by the incident. It is vital that all staff report a personal data breach, however minor, as soon as possible after discovery so that we can use the 72 hours to establish what has happened, the size of the breach and whether it needs to be reported further.
Here is guidance on what a personal data breach is, what to do if you know (or suspect) there has been one and how the IDC Team will manage such breaches. Please find below the forms required: