A data breach occurs when personal or sensitive information is accidentally or unlawfully accessed, disclosed, altered, lost, or destroyed. Breaches may result from technical failures, malicious attacks, or human error.
Examples include:
- Sending personal information to the wrong recipient
- Unauthorised staff access to confidential files
- Loss or theft of unencrypted devices
- Ransomware or phishing attacks

Under UK GDPR, organisations must report qualifying breaches to the ICO within 72 hours of becoming aware and notify affected individuals when their rights or freedoms are at risk. Proactive incident management, staff training, and risk assessments are essential to prevent and respond to data breaches effectively.



