Hope & May’s latest blog explores how and when you should report a data breach. Hope &May are global data protection experts offering advice on data processing.

According to the UK GDPR article 33, in the event of an actual or suspected personal data breach, a report should be made to the supervisory authority which in the UK is the Information Commissioner’s Office (ICO).

The definition of a security breach can be found in article 4(12), ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.’

So, for example, sending personal data by email to the wrong recipient would be unauthorized access. However, the UK GDPR goes on to say [a report is necessary] in the event that the breach causes a risk to the fundamental rights and freedoms of the individuals concerned.

Read more about what to do if you have a data breach on Hope & May's website.