Data Breaches & UK GDPR - A Guide to ICO Notification Requirements

Introduction

The UK GDPR requires controllers to notify the ICO of ‘personal data breaches’ in most cases and failure to notify increases the likelihood of enforcement action being taken against a controller.

To date, a significant proportion of fines that have been levied under the UK GDPR relate to security concerns and several of these have exceeded £1million. One firm of solicitors has been fined under the UK GDPR in respect of a ransomware attack and another has been publicly reprimanded for security failures.

This webinar summarises the key provisions of the UK GDPR and the relevant ICO guidance and summarises the key lessons to be learned from the ICO’s enforcement action.

What You Will Learn

This webinar will cover the following:

• Meaning of ‘personal data breach’ - wider than you might think
• Notification requirement - when and how to notify any potential changes to this requirement
• Communication requirement - when and how to communicate
• Risk assessment factors
• ICO’s breach reporting form - how to use it
• Law firm enforcement action - lessons to be learned
• Summary of practical steps to take

This webinar was recorded on 28th February 2024