Personal Data Breach Plan
(UK GDPR Compliant)


Summary

This template Personal data breach plan can be used by organisations to inform their staff and managers of the actions to take on discovering a personal data breach (including a cybersecurity breach). It reflects reporting requirements in the UK GDPR and takes into account relevant guidance from the Information Commissioner's Office. This template contains practical guidance and drafting notes. This template incorporates a process for dealing with actual or suspected personal data breaches. A personal data breach plan may also be known as a data breach policy. This template can also be used for cybersecurity breaches that involve the loss, damage or unauthorised access to personal data. On discovering a data breach, the first thing you should do is assemble a data breach team comprising the various people within your organisation who are best placed to respond to the breach, e.g., the Data Protection Officer (if you have one), risk partner, head of IT, head of compliance, head of legal...