GDPR: Data Breaches

Hopefully, you’re reading this before you’ve begun processing data and you’re not here because you’ve just accidentally posted a hundred people’s personal data on Twitter.

Data breach jokes aside, if your organisation has experienced one, this blog cannot help you. Seek legal advice as soon as possible and, where the breach is notifiable, make sure you report it to the ICO within 72 hours of becoming aware of it.

Now the disclaimers are out of the way…

From a rogue Morrisons employee releasing the details of 100,000 members of staff (including their bank details) to Yahoo’s 2013 breach, which exposed the details of 3 billion accounts, data breaches have never been welcome news.

What is a breach?

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

A notifiable personal data breach must be reported to the ICO within 72 hours of becoming aware of it. A breach is notifiable unless it is unlikely to result in a risk to the rights and freedoms of the individuals concerned; if you decide not to notify, you must be able to justify that decision.

You must also inform the affected individuals, without undue delay, if the breach is likely to result in a high risk to their rights and freedoms.

Have robust breach detection, investigation and internal reporting procedures in place, so that you can establish what happened and decide whether to notify within the 72-hour window.

Keep a record of every personal data breach, including its facts, its effects and the remedial action taken, regardless of whether you are required to notify the ICO.


What to tell the ICO

  When you notify the ICO, you must provide at least:

  • a description of the nature of the personal data breach, including where possible the categories and approximate number of individuals concerned and the categories and approximate number of personal data records concerned
  • the name and contact details of your data protection officer or other contact point
  • a description of the likely consequences of the personal data breach
  • a description of the measures taken, or proposed to be taken, to deal with the breach, including, where appropriate, measures to mitigate its possible adverse effects

  If you cannot provide all of this information within 72 hours, you can provide it in phases, as long as you do so without undue further delay.

What to tell affected individuals

You need to describe, in clear and plain language, the nature of the personal data breach and, at least:

  • the name and contact details of your data protection officer or other contact point
  • a description of the likely consequences of the personal data breach
  • a description of the measures taken, or proposed to be taken, to deal with the breach, including any steps individuals can take to protect themselves

More detailed guidance can be found in the ICO’s Guide to the GDPR.

This is the final chapter in Part One of our GDPR series.

You can see all of the other blogs here or check back soon for event-industry specific advice, including how GDPR could affect your use of Helm Tickets.
