Report a data breach (including ‘near misses’)

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. 

Before you start

Some examples of incidents that would need reporting include: 

  • Equipment failure;
  • Human error;
  • Hacking attacks;
  • Inadvertent disclosure;
  • Access by an unauthorised third party;
  • Computing devices containing personal data being lost or stolen;
  • Altering personal data without permission; and
  • Any 'near miss' incident that had the potential to cause a data breach, even though it might not have done so.

The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. This must be done within 72 hours of becoming aware of the breach, where feasible.

If an incident (or near miss) involves personal data then it must be reported immediately to the UCL Information Security Group. 

To enable them to correctly manage the breach please complete a personal data breach form and send it to isg@ucl.ac.uk 

You can also call on 020 7679 7338 (UCL ext. 37338).

For further guidance please read: reporting a loss of personal data.  

File Report a personal data breach (or near miss)