Data Security Breaches

The GDPR will introduce mandatory breach notifications. All breaches must be reported to the Data Protection Commissioner (DPC), typically within 72 hours, unless the data was anonymised or encrypted. In practice this will mean that most data breaches must be reported to the DPC. Breaches that are likely to bring harm to an individual – such as identity theft or breach of confidentiality – must also be reported to the individuals concerned.

It is worth noting that a failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.

What is UCC doing about this?

We are updating our current security breach procedure in line with the GDPR requirements.


Office of Corporate and Legal Affairs

1 st Floor, East Wing, Main Quadrangle,