A hooded figure engaged in hacking using a laptop and smartphone in low light.

Who Needs to Be Told? Notifying Data Subjects After a Breach

ByPrivacyiQ 3 June 20253 June 2025

Should you notify individuals after a breach? UK GDPR requires it if their risk is high. Here’s how to assess that.

If a data breach is likely to result in a high risk to the rights and freedoms of individuals, you must inform them without undue delay.

High-risk examples:

Loss of financial or ID data
Health records exposed
Location or children’s data compromised

Your message should:

Use plain language
Explain what happened and when
List recommended protective steps
Provide contact information

Clear and timely communication helps mitigate harm and maintain trust.

Masked hacker with credit card at computer, symbolizing cybercrime and anonymity.

Breach | Breach: Basics & Responsibilties

What Counts as a Data Breach Under UK GDPR?

ByPrivacyiQ 3 June 20253 June 2025

Not every cyber incident is a GDPR breach. Here’s how to know when you must act. Under UK GDPR, a data breach isn’t just a hack — it’s any security incident that leads to: Examples: Understanding what qualifies as a breach is the first step toward compliance. If in doubt, treat it seriously and investigate…

Mysterious figure wearing a Guy Fawkes mask, illuminated by computer screens in a dark room.

Breach | Data Retention | Prevention & Detection

Breach Risk Increases With Ageing Data

ByPrivacyiQ 1 June 20254 June 2025

The older the data, the more dangerous it becomes. Here’s why ageing data is a hidden security risk. Most cyber breaches don’t happen with fresh data — they happen with old, forgotten, poorly protected files. Why? Retention = risk control. Regularly deleting old personal data significantly reduces the impact of a breach — both legally…

Crop anonymous male putting blank sheet of paper in case placed on wooden table

Breach | Response Planning

Why Documentation Matters in a Breach

ByPrivacyiQ 10 June 2025

Failing to document a breach, even if not reportable, could still cost you. Here’s what you must log. UK GDPR Article 33(5) requires you to document all breaches — whether or not they are reported to the ICO. Each record should include: This record must be made available to the ICO if requested. Good documentation…

A man showing a laptop with a 'You've been hacked' message, symbolizing cyber security threats.

Breach | Response Planning

Building a Breach Response Plan That Works

ByPrivacyiQ 7 June 2025

Building a Breach Response Plan That Works When a breach hits, speed and structure matter. Here’s how to build a response plan that’s ready to go No organisation is immune from data breaches — but how you respond defines the impact. Your plan should include: Rehearse the plan. Breaches don’t wait for calm days.

A dramatic depiction of a hand pressed against a foggy, illuminated window.

Breach | Prevention & Detection

Top 5 Causes of Data Breaches in Professional Services

ByPrivacyiQ 5 June 20256 June 2025

Knowing where breaches start is half the battle. These five causes account for most incidents in professional firms. Most data breaches stem from everyday errors — not hackers. In professional services, the top five causes include: All of these can be reduced with training, tech, and clear policy enforcement.

A woman using her phone at a desk, surrounded by art supplies and a laptop, in a creative workspace.

Data Retention | Data Retention -Employee | Prevention & Detection

Data Retention for Ex-Employees: A Hidden Risk

ByPrivacyiQ 30 May 20253 June 2025

Are you keeping leavers’ data too long? Learn what the law says and how to reduce legal exposure. Many organisations store former employee data indefinitely — just in case. But UK GDPR doesn’t allow for “just in case” retention. Key retention timelines to know: After this period, data should be deleted or anonymised. Keeping more…

Should you notify individuals after a breach? UK GDPR requires it if their risk is high. Here’s how to assess that.

Similar Posts