A personal data breach is defined in the Law as a breach of security leading to accidental or unlawful destruction, loss or alteration of personal data or unauthorised disclosure of or access to personal data.
A breach can occur when personal data have been sent to the wrong person, there has been a cyber-attack on your organisations data, personal data have been lost etc.
Read about some common breach scenarios here.
Have a plan in place before that happens.
If you become aware of a breach, you are legally obliged to tell the ODPA within 72 hours after becoming aware unless the breach is unlikely to result in any harm to the individuals whose data are involved.
You may also be required to notify the individuals whose data have been breached in some circumstance.
We have prepared detailed guidance on breach reporting that you might find useful.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074enquiries@odpa.gg
St Martin's House, Le Bordage, St. Peter Port, Guernsey GY1 1BR
Newsletters sign-up Data Processing Notice Careers Cookies
Website by
&
Indulge
© 2023 The Office of the Data Protection Authority.