A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is about more than just losing personal data.
GDPR introduces a duty on Data Controllers to report certain types of personal data breach to the relevant supervisory authority, generally the Information Commissioner’s Office (ICO). If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
How can I report a potential breach?
You can email us at firstname.lastname@example.org, or you can write to us at our registered address.
If a User other than a registered system Controller reports a breach, we will need to validate their ID with a Controller from their organisation.
We will acknowledge receipt of a reported incident.
Once we have identified that there is a breach or the likelihood of a breach, we will acknowledge this to the associated Data Controller via a system Controller.
A director of Myhrtoolkit will then supervise the completion of this 4-point process:
In the case of a personal data breach, we will inform the controller(s) of all affected parties. This shall occur without undue delay and, where feasible, not later than 72 hours after having become aware of it. This will include:
Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
If notification is not made within 72 hours, it shall be accompanied by reasons for the delay.
We will take steps to rectify the identified situation.
We will implement changes to prevent a repeat occurrence.