RNN GroupInformation Governance and AssuranceReporting A Data Breach

Reporting A Data Breach

The decision to report a data breach, either to the Information Commissioners Office (ICO) or to the data subjects themselves, remains solely with the Groupโ€™s Data Protection Officer (DPO).

It is the duty of all Group staff to report data breaches to the DPO as soon as they become โ€˜awareโ€™ of a breach. Awareness is defined as when a member of staff has a reasonable degree of certainty that a security incident has occurred and that this has led to personal data being compromised.

The GDPR explains that a personal data breach can be categorised as:

โ€œConfidentiality breachโ€ โ€“ where there is an unauthorised or accidental disclosure of, or access to, personal data

โ€œAvailability breachโ€ โ€“ where there is an accidental or unauthorised loss of access to, or destruction of, personal data

โ€œIntegrity breachโ€ โ€“ where there is an unauthorised or accidental alteration of personal data

It should also be noted that, depending on the circumstances, a breach could concern confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.

Click the following link for further guidance and examples on Personal Data Breach โ€“ Identification and action.

Please complete the details below with the incident specifics and click on the โ€˜submitโ€™ button to report the incident to the data protection team.

Personal Data Breach Reporting

  • Confidentiality breach – where there is an unauthorised or accidental disclosure of, or access to, personal data

    Availability breach – where there is an accidental or unauthorised loss of access to, or destruction of, personal data

    Integrity breach – where there is an unauthorised or accidental alteration of personal data
  • Privacy and Data Protection Accountability Statement

    Responsible Body: RNN Group
    Purpose: To enable the appropriate investigation and reporting to take place, validate the details you have provided and to facilitate additional contact, should this be necessary.
    Lawful Basis: Legal obligation
    Recipients: Data will not be transferred to third parties except where a legal obligation exists or that it is required for the Group to perform its duties
    Rights: Access and rectification
    Additional Information: More information in regards to the RNN Groupโ€™s accountability and transparency framework can be found at www.rnngroup.ac.uk/IG The RNN Group may use your name and email address to inform you of our future offers and similar products or services. This information is not shared with third parties and you can unsubscribe at any time.

The Groupโ€™s Data Protection Officer is a resource to the Group and can be contacted directly should urgent assistance be required.

DPO Contact details:
Email :ย DPO@rnngroup.ac.uk
Call: 01909 504666

General Data Protection questions (internal and external):
dp@rnngroup.ac.uk

Subject Access Requests (SAR), (internal and external):
sar@rnngroup.ac.uk

Dedicated RNN Group Twitter feed for all things Data Protection related:
@rnndataprotect (https://twitter.com/rnndataprotect)