Search

How can we help?

Icon

GDPR: the ICO attempts to clarify obligation to report serious data breaches

Faced with misleading press stories, the ICO has been addressing misconceptions about the GDPR by publishing myth busting blogs, including on the new requirement to report serious breaches of personal data.

Not all personal data breaches will need to be reported to the ICO, only if a risk to people’s rights and freedoms is likely.  The ICO does not give strict instructions of what incidents are serious enough to report but reiterates it is when people may suffer a significant detriment such as damage to reputation or financial loss. The ICO has encouraged all organisations to look at the types of incidents they could face to develop a sense of what would be serious.

Although the requirement to report a serious breach is without undue delay and where feasible within 72 hours, they don’t expect a full final report with all details within this time. The ICO have said that fines will be proportionate and will not be issued for every failure (although only time will tell what this will mean in practice). They remind firms that the point of the GDPR is not to punish organisations but to encourage companies to improve their ability to prevent breaches.

Louise Keenan

Associate

View profile

+44 118 960 4614

Under the current data protection law, reporting is best practice anyway even if not mandatory. Involving the ICO early can ensure the firm receives the best guidance and mitigate any fines issued.

Under the current data protection law, reporting is best practice anyway even if not mandatory. Involving the ICO early can ensure the firm receives the best guidance and mitigate any fines issued.

Organisations are encouraged to start planning now to ensure roles and processes are in place for when GDPR comes into effect in May 2018.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website

Louise Keenan

Associate

View profile

+44 118 960 4614

About this article

Read, listen and watch our latest insights

art
  • 01 June 2023
  • Employment

Facts employees should know about their personal data

We previously published an article on facts an employer should know about holding personal data, so it is only fair that we also write about the other side of the coin – facts employees should know as individuals whose personal data is held by their employer.

art
  • 01 June 2023
  • Immigration

What is the Immigration Skills Charge (ISC) and how much do you have to pay?

The Immigration Skills Charge (ISC) is a levy on companies who sponsor migrant workers. This levy was imposed on 6 April 2017. The Government states that the charge has been levied to contribute towards addressing the skills gap in the local economy.

art
  • 26 May 2023
  • Employment

Avoiding discrimination in flexible working requests

The right to request flexible working is currently available to employees with at least 26 weeks’ service and is set to be extended further under new Government reforms.

art
  • 25 May 2023
  • Corporate and M&A

Management Buyout – Top 5 things to consider

A management buyout is a financial transaction in which a member of the management team purchases the company from its registered owner. MBO’s usually occur in private companies in an effort to enhance profitability and simplify strategies.

art
  • 25 May 2023
  • Employment

Carer’s Leave Bill set to become law

On 19 May 2023, the Carer’s Leave Bill had its third reading in the House of Lords, and upon receiving Royal Assent, will become law. There is not yet a date for the implementation of this bill, however it is likely that this will happen relatively quickly upon receiving Royal Assent, so is definitely one to keep an eye on.

art
  • 18 May 2023
  • Immigration

Navigating SOC Codes

When it comes to UK immigration, understanding the intricacies of the system is vital. One significant aspect of the process revolves around Standard Occupational Classification (SOC) codes. SOC codes play a crucial role in determining the eligibility for an individual to apply for a work visa, assessing skill levels, and matching individuals to appropriate job roles.