Share

3 min read

Writen by Marin Milenkoski

Posted on: September 21, 2022

What is a personal data breach?

Many companies don’t take data privacy protection seriously until a data breach occurs.
A data breach is the worst nightmare that can happen to a company.
If you’ve ever faced a data breach, you will understand the difficulties that you might face without a robust protection.

ICO thoroughly explains what a personal data breach is and how you should deal with it.
According to the ICO a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
This includes breaches that are the result of both accidental and deliberate causes.
It also means that a breach is more than just losing personal data.

There are three types of breaches that a company might face:

  • Confidentiality breach – when a private information is disclosed to a third party without the consent from the owner, for example emailing personal data to a wrong person.
  • Integrity breach – an unauthorized or accidental alteration of personal data, for example if a ransomware attack encrypting all data on companies’ system.
  • Availability breach – an accidental or unauthorized loss of access to, or destruction of personal data, even if temporary, for example if a server fails and the company doesn’t have access to its data.

ICO provide examples of data breaches which can be found on their website such as:

  • Access by unauthorized third party
  • Sending personal data to an incorrect recipient
  • Computing devices containing personal data being lost or stolen
  • Alteration of personal data without permission
  • Loss of availability of personal data
  • Theft of a customer database, whose data may be used to commit identity fraud
  • Loss or inappropriate alteration of a staff telephone list
  • An attack on a companies’ network that results in personal data about its clients being unlawfully accessed
  • A hospital suffers a breach that results in accidental disclosure of patient records
  • An accidental deletion of contact details

    The GDPR introduces an obligation for every company to report certain personal data breaches to their competent supervisory authority.
    For example, the Supervisory Authority in the UK is the ICO.
    The report must be made within 72 hours of becoming aware of the breach.
    If the breach is likely to result in a high risk and it’s affecting individual’s rights and freedoms, the company must inform those individuals without undue delay.
    Failing to notify the competent Supervisory Authority of a breach when required, can result in heavy fines.

    Feel free to book a slot so we can have a chat on more data privacy protection related topics.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.

Contact Us

Recent blogs

Digital Age of Consent under the GDPR

GDPR incorporated a separate article that regulates the processing of children’s personal data wh

What is a personal data breach?

Many companies don’t take data privacy protection seriously until a data breach occurs.

Instagram fined for violating GDPR regulations

The Irish Data Protection Commission fined Instagram in amount of €405 million euros for breachin

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us
anytime.

Contact Us
06 GDPR INFO

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.