- Back to Data Protection
- GDPR Overview
- Key GDPR Changes
- Data Protection Notices
- UCC's GDPR Project
- Individual Rights
- Data Security Breaches
- Privacy by Design & Default
- Data Protection Impact Assessments (DPIA's)
- Frequently Asked Questions
- Training and Resources
- Data Protection Policy
- Contact Information
Data Security Breaches
- Inform your Head of Department/Unit about the breach immediately
- Head of Department/Unit must inform the Information Compliance Manager (E: email@example.com T: (021) 490 3949)
- Head of Department/Unit must complete part 1 of the Personal Data Security Breach Report Form and email it to firstname.lastname@example.org
- Act quickly! Don't Delay!
The GDPR has introduced mandatory breach notifications. All breaches must be reported to the Data Protection Commission (DPC), typically within 72 hours, unless the data was anonymised or encrypted. In practice this means that most data breaches must be reported to the DPC. Breaches that are likely to bring harm to an individual – such as identity theft or breach of confidentiality – must also be reported to the individuals concerned.
It is worth noting that a failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.
If you discover a breach or potential breach, inform your head of department who should then inform the Information Compliance Manager (email@example.com) and complete Section 1 of the Personal Data Security Breach Report Form.