A personal data breach is defined in the Law as a breach of security leading to accidental or unlawful destruction, loss or alteration of personal data or unauthorised disclosure of or access to personal data.
A breach can occur when personal data have been sent to the wrong person, there has been a cyber-attack on your organisations data, personal data have been lost etc.
Read about some common breach scenarios here.
Have a plan in place before that happens.
If you become aware of a breach, you are legally obliged to tell the ODPA within 72 hours after becoming aware unless the breach is unlikely to result in any harm to the individuals whose data are involved.
You may also be required to notify the individuals whose data have been breached in some circumstance.
We have prepared detailed guidance on breach reporting that you might find useful.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace innovation.
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2023 The Office of the Data Protection Authority.