DWF logo

Search

DWF logo

          GDPR: Data breach

          In the immediate aftermath of a data breach various steps need to be taken quickly to ensure that the response is appropriate and harm to your organisation is minimised. If a notification to the ICO is to be made then this should be done quickly as the General Data Protection Regulations imposes tight timescales.

          Date: 09/10/2017

          The morning from hell…and what to do next.

          What should be done?

          The immediate aftermath of a data breach is a worrying time for all concerned. Various steps need to be taken quickly to ensure that the response is appropriate and the harm to the organisation is minimised. This will involve a carefully co-ordinated response across a variety of disciplines - all of which will be underpinned by legal advice.

          A key legal consideration will be whether to inform the Information Commissioner's Office ("ICO") (the regulator tasked with handling data protection matters in the UK) of the breach.

          The first question will be whether you actually need to make a notification to the ICO. You will then need to decide when and how such notification should be made. In certain circumstances individuals affected by the data breach may also need to be informed. Our lawyers can help you formulate your response and deal with all of this. You should get us involved from the very beginning. If a
          notification to the ICO is to be made then this should be done quickly (the General Data Protection Regulation imposes tight timescales).

          Our data protection experts outline the key things to consider in the immediate aftermath of a breach.

          Download and keep: GDPR and Data Breaches

          If you require assistance please contact John Benjamin

          Related people