The morning from hell…and what to do next.
The immediate aftermath of a data breach is a worrying time for all concerned. Various steps need to be taken quickly to ensure that the response is appropriate and the harm to the organisation is minimised. This will involve a carefully co-ordinated response across a variety of disciplines - all of which will be underpinned by legal advice.
A key legal consideration will be whether to inform the Information Commissioner's Office ("ICO") (the regulator tasked with handling data protection matters in the UK) of the breach.
The first question will be whether you actually need to make a notification to the ICO. You will then need to decide when and how such notification should be made. In certain circumstances individuals affected by the data breach may also need to be informed. Our lawyers can help you formulate your response and deal with all of this. You should get us involved from the very beginning. If a notification to the ICO is to be made then this should be done quickly (the General Data Protection Regulation imposes tight timescales).
Our data protection experts outline the key things to consider in the immediate aftermath of a breach.