
The Role of Staff Training in Breach Prevention

Human error causes most data breaches. Training is your first defence. Here’s what good training includes. Even the best systems fail when staff don’t understand data risk. Good training should cover: Make it: Training isn’t optional — it’s your insurance policy against simple mistakes becoming major incidents.


Who Needs to Be Told? Notifying Data Subjects After a Breach

Should you notify individuals after a breach? UK GDPR requires it if their risk is high. Here’s how to assess that. If a data breach is likely to result in a high risk to the rights and freedoms of individuals, you must inform them without undue delay. High-risk examples: Your message should: Clear and timely…


What Counts as a Data Breach Under UK GDPR?

Not every cyber incident is a GDPR breach. Here’s how to know when you must act. Under UK GDPR, a data breach isn’t just a hack — it’s any security incident that leads to: Examples: Understanding what qualifies as a breach is the first step toward compliance. If in doubt, treat it seriously and investigate…


The 72-Hour Rule: When and How to Notify the ICO

Fail to notify the ICO of a notifiable breach within 72 hours, and your risk of fines increases. Here’s what to know. When a personal data breach occurs and is likely to result in a high risk to individuals, you must notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware. Your report…