RNN Group Information Governance and AssuranceReporting A Data Breach

Reporting A Data Breach

The decision to report a data breach, either to the Information Commissioners Office (ICO) or to the data subjects themselves, remains solely with the Group’s Data Protection Officer (DPO).

It is the duty of all Group staff to report data breaches to the DPO as soon as they become ‘aware’ of a breach. Awareness is defined as when a member of staff has a reasonable degree of certainty that a security incident has occurred and that this has led to personal data being compromised.

The GDPR explains that a personal data breach can be categorised as:

“Confidentiality breach” – where there is an unauthorised or accidental disclosure of, or access to, personal data

“Availability breach” – where there is an accidental or unauthorised loss of access to, or destruction of, personal data

“Integrity breach” – where there is an unauthorised or accidental alteration of personal data

It should also be noted that, depending on the circumstances, a breach could concern confidentiality, availability and integrity of personal data at the same time, as well as any combination of these.

Click the following link for further guidance and examples on Personal Data Breach – Identification and action.

Please complete the details below with the incident specifics and click on the ‘submit’ button to report the incident to the data protection team.

Personal Data Breach Reporting

Name*
College/ Organisation*
Department / Location (if applicable)
Contact Number*
Nature of Breach*
Confidentiality breach – where there is an unauthorised or accidental disclosure of, or access to, personal data

Availability breach – where there is an accidental or unauthorised loss of access to, or destruction of, personal data

Integrity breach – where there is an unauthorised or accidental alteration of personal data
Description of incident*
Privacy and Data Protection Accountability Statement
Responsible Body: RNN Group
Purpose: To enable the appropriate investigation and reporting to take place, validate the details you have provided and to facilitate additional contact, should this be necessary.
Lawful Basis: Legal obligation
Recipients: Data will not be transferred to third parties except where a legal obligation exists or that it is required for the Group to perform its duties
Rights: Access and rectification
Additional Information: More information in regards to the RNN Group’s accountability and transparency framework can be found at www.rnngroup.ac.uk/IG
The RNN Group may use your name and email address to inform you of our future offers and similar products or services. This information is not shared with third parties and you can unsubscribe at any time.

The Group’s Data Protection Officer is a resource to the Group and can be contacted directly should urgent assistance be required.

DPO Contact details:
Email : DPO@rnngroup.ac.uk
Call: 01909 504666

General Data Protection questions (internal and external):
dp@rnngroup.ac.uk

Subject Access Requests (SAR), (internal and external):
sar@rnngroup.ac.uk

Dedicated RNN Group Twitter feed for all things Data Protection related:
@rnndataprotect (https://twitter.com/rnndataprotect)