Bitesize Data Protection: personal data breaches

Bitesize Data Protection: personal data breaches

Would you recognise a personal data breach?  It’s not only about sending an email to the wrong person.

We provide guidance on Staffnet to help you recognise a breach and on what to do next.  A breach might include you losing personal data, sending information to the wrong person, deleting or corrupting data, or accessing information to which you are not entitled.

It is important to remember that we all have access to personal data, but we only have this access in order to do our job.  You must only access personal data which you are entitled to see.  If you access personal data that you shouldn’t, you may have committed a personal data breach or a criminal offence.

If you think this has happened, the first step to take is to inform the Information Governance team.  We will then undertake a risk assessment to determine the next steps, including letting affected individuals know.

You must always report a suspected personal data breach  to the Information Governance Team. We need to hear about it so that swift action can be taken.   The UK General Data Protection Regulation requires that we record all personal data breaches and consider whether to report them to the Information Commissioner.

If you have any questions about personal data breaches, please contact the Information Governance team at