Reporting A Data Breach
The decision to report a data breach, either to the Information Commissioners Office (ICO) or to the data subjects themselves, remains solely with the Group’s Data Protection Officer (DPO).
It is the duty of all Group staff to report data breaches to the DPO as soon as they become ‘aware’ of a breach. Awareness is defined as when a member of staff has a reasonable degree of certainty that a security incident has occurred and that this has led to personal data being compromised.
The GDPR explains that a personal data breach can be categorised as:
“Confidentiality breach” – where there is an unauthorised or accidental disclosure of, or access to, personal data
“Availability breach” – where there is an accidental or unauthorised loss of access to, or destruction of, personal data
“Integrity breach” – where there is an unauthorised or accidental alteration of personal data
It should also be noted that, depending on the circumstances, a breach could concern confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.
Click the following link for further guidance and examples on Personal Data Breach – Identification and action.
Please complete the details below with the incident specifics and click on the ‘submit’ button to report the incident to the data protection team.
Personal Data Breach Reporting
The Group’s Data Protection Officer is a resource to the Group and can be contacted directly should urgent assistance be required.
DPO Contact details:
Email : DPO@rnngroup.ac.uk
Call: 01909 504666
General Data Protection questions (internal and external):
Subject Access Requests (SAR), (internal and external):
Dedicated RNN Group Twitter feed for all things Data Protection related: