A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The University has procedures in place to contain, mitigate, manage and notify a personal data breach. Please use the reporting form in the link below:
The University’s data breach reporting requirements to the ICO
The University is not under a legal obligation to report every data breach to the ICO.
The GDPR, ICO guidance, EU guidance and the ICO’s self-assessment tool are all used to determine whether a data breach requires reporting.
The University’s reporting requirements to individuals
Where the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, the University is required to inform those individuals without undue delay.
The University’s obligations to record data breaches
The University must also keep a record of any personal data breach, regardless of whether it is reportable.
Role of the DPO in data breach incidents
The DPO is responsible for investigating a data breach incident as part of their statutory task to monitor compliance and will follow the data breach reporting obligations as set out in the GDPR and regulatory guidance.