You may have less than 72 hours

Personal data breaches are unfortunate but sometimes unavoidable. That’s just the real world.

A breach may cause you financial and reputational problems.

Not handling a breach appropriately significantly increases these problems.

1. If you have experienced an incident involving personal data:

You need to figure out if the incident falls within the GDPR definition of a “personal data breach”.

2. If it a personal data breach:

You must assess the risk to the individuals whose personal data was breached.

You must record details of the breach in an internal log, including the steps you are taking to minimise the impact on individuals and to reduce the likelihood of this happening again.

3. Unless the breach is unlikely to present a risk to these individuals:

You must tell the regulator within 72 hours of becoming aware of the breach.

This is not 72 working hours. This is 72 elapsed hours, including bank holidays and weekends.

4. If the breach could be a high risk to these individuals:

You must inform the individuals impacted so they can take steps to reduce the impact.

Depending on the number of individuals impacted, you may need to issue a notification through the media.

If you have encountered a personal data breach, it is too late to look at this from your perspective.

You must now think about this from the individuals’ perspectives.

Are you unsure?

If you are unsure about how to assess if a personal data breach has occurred or how to handle the breach appropriately, I can help.

Step 1: Contact me

Contact me using the form below or call me at 01 554 6268.

Provide some basic information about the situation. I don’t need too much detail. Do not include samples of the data involved.

Give me your direct contact number,  and let me times that you are not available for a call today.

Step 2: Free initial call

I will call you back as soon as I can – Definitely before the end of today (although it may be in the evening).

We will have a quick (no more than 15-20 min) phone conversation to clarify the situation. I will give you some pointers to help you.

We can then decide if you need further help from me. You’re under no obligation.

Step 3: After our call

If you don’t want further help, there is no step 3. You’re under no obligation to engage me further.

If you do want my assistance and I think I can help, we can agree a scope and a cost for my involvement.

If you have experienced a breach, I want to help you do what is right.

Whatever we discuss will remain confidential.

Step 1: Contact me

Privacy: Breaching your trust would destroy my business. I will only use the personal data (and the details of your situation) that you enter above for the purposes of our call. Your personal data will not be passed on to anyone else. You can read more in my privacy policy.