Legal Services


Guidance note: reporting a loss of personal data (breach)

In cases where there has been an incident which resulted in a potential breach of the GDPR, it is imperative that you report this immediately to Information Security Governance.

While this list is non-exhaustive it does give examples of some of the more common data breaches and 'near misses' that should be reported.

  • Accessing personal data by an unauthorised third party;
  • deliberate or accidental action (or inaction) by a controller or processor affecting the security of personal data;
  • sending personal data to an incorrect recipient;
  • computing devices containing personal data being lost or stolen; 
  • altering personal data without permission; 
  • losing the availability of personal data; and
  • any 'near miss' incident that had the potential to cause a data breach even though it might not have done so.

Please visit the data protection page that has more information on this and how to report a personal data breach. Users should put in [GDPR] in the subject line when contacting ISG.