GDPR Data Breach Policy
One of the essential elements of GDPR readiness is having a full GDPR Data Breach policy and, just as importantly, a Data Breach Register.
Your GDPR Data Breach policy should give all of your staff clear guidance on who they should contact within your organisation, where they can find your Data Breach Register and how to complete it. It should then give the member(s) of your team allocated to deal with data breaches clear instructions on who they need to contact, when/if they need to report a data breach to the Information Commissioner's Office (ICO) and, if so, how to report it, together with clear strategies for dealing with outside requests for information, whether from clients, the general public or the press.
Some of the tasks required following a GDPR data breach have clear time limits, and our policy provides you with clear guidance on these and advice on how to comply.
Remember that all of your staff should be encouraged to record any data breaches in the Data Breach Register. Just as you would (should) record a cut finger in your company accident book, so you should record a simple data breach (such as sending the wrong email to the wrong person or putting the wrong invoice in the wrong envelope) in your GDPR Data Breach Register.
We recognise that many organisations do not currently have a GDPR Data Breach Register, so for a limited period, if you order a copy of our GDPR Data Breach policy, you will receive not only the policy but also a ready-to-use Data Breach Register.