Thought of the Day: Will all personal data breaches need to be reported to the ICO?

March 14 18:38 2018

Currently, most personal data breach reporting is best practice but not compulsory. Under the General Data Protection Regulation, it will be mandatory to report a personal data breach if it’s likely to result in a risk to people’s rights and freedoms. So, if it’s unlikely that the breach will result in a risk to people’s rights and freedoms, there will be no need to report.

If the breach is likely to result in a high risk to people’s rights and freedoms, there is a further requirement to report the breach to the affected individuals. High risk can include the potential for people to suffer a significant detrimental effect, such as discrimination, damage to reputation or financial loss. The ICO can advise companies on who is affected and whether affected individuals should be contacted if the breach is considered to be high risk.

About Article Author

GDPR Associates