17th Oct 2019

Did you know that if your organisation has had a data breach, in some cases you only have 72 hours to report this to the Information Commissioner's Office (ICO)?

Data breaches can range from something as everyday as not using the BCC function when sending emails to lots of people outside of your organisation, to losing an unencrypted memory stick with sensitive personal data on it.

With the introduction of GDPR, the ICO says that if a personal data breach is likely to risk people’s rights and freedoms then this needs to be reported. The ICO have now published a tool on their website to help you decide if a report needs to be made, which can be found here: https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/

If you are still unsure after using the tool, the ICO can be contacted by phone for advice. In some cases, when the data that has been breached could cause serious harm to the individuals whose data you have been holding, you will have to let the individuals themselves know that there has been an issue.

Even if you feel that it does not need to be reported, the ICO will expect you to keep a note of the details of the breach and the reasons why you decided that it didn’t meet the criteria to be reported.

It is important that all staff and volunteers know how to keep data safe and what to do if data is lost, shared without consent or stolen.

Some ways you can keep the data you hold safe include always BCC’ing emails, encrypting memory sticks, making sure that computers and portable devices are password protected and keeping paperwork locked away.

At Durham Community Action, our ‘Understanding GDPR for Voluntary and Community Organisations’ Community Development Workshop aims to help you gain a good basic understanding of your responsibilities around data protection and supports you in developing a data protection policy including what to do if a data breach is detected. More details about our workshops can be found here 

More information from the ICO can be found here

If you require any further advice and guidance on GDPR, please don’t hesitate to contact us at:

Email: info@durhamcommunityaction.org.uk

Telephone: 01388 742040
