1. Home
  2. Knowledge Base
  3. Assurance & Risk
  4. GDPR Breach Procedure – Overview

GDPR Breach Procedure – Overview

Information security breaches can happen for a number of reasons and may cause harm and distress to the individuals they affect.

A data security breach can occur due to:

  • The loss or theft of data or equipment on which data is stored
  • Unauthorised use because of inappropriate access controls
  • Equipment failure
  • Human error
  • Fire or flood
  • Hacking
  • Information obtained through deceit

If any of the following types of incident (breach) occur (this list is not exhaustive) then you need to report it immediately to the Business Assurance Manager on (01633) 620349 or at data.protection@bronafon.org.uk.

  • A letter/statement that includes personal data or sensitive personal data has been sent to the wrong address.
  • Information containing personal and/or sensitive personal information left on a desk; by a photocopier; in a bin or recycle bin or other non-secure location at our main office in Llantarnam or another site office.
  • You or a staff member have lost, mislaid or had stolen a USB stick, laptop, mobile phone, other electronic device or paper file.
  • A paper file containing sensitive personal information has been left at a property.
  • You have accidentally transferred information to someone who is not entitled to receive that information, and have either emailed the wrong recipient(s) or sent correspondence to the wrong recipient(s).
  • Someone has attempted whether successfully or not to gain access to your data on a computer system.
  • A large amount of personal/sensitive personal data has been lost or stolen, or has been sent to the wrong person(s) in error.
  • A contractor instructed to act as a processor of your data has mislaid, misused or lost personal and/or sensitive personal information of our clients/customers or staff.

If you are still unsure whether something needs to be reported, please contact the Business Assurance Manager.

All incidents should be reported as soon as possible by completing the ‘Breach reporting form’ in Appendix 1, and returning it to the Business Assurance on (01633) 620349 or at data.protection@bronafon.org.uk.

Was this article helpful?
Yes No

Related Articles