You've Discovered a Data Breach - Here's Your Action Plan
Finding out that personal data may have been exposed is alarming. Whether it's a hacked database, leaked files, lost paperwork, or an email sent to the wrong person - you need to act methodically. Here's what UK law requires and what good practice looks like.
Does This Sound Familiar?
Common signs you're experiencing this issue
- Unauthorised access to systems discovered
- Customer data found exposed online
- Email with personal data sent to wrong recipients
- Lost or stolen documents containing personal information
- Employee accessed data they shouldn't have
What's Causing This?
Understanding the root causes helps find the right solution
Cyber Attack
Hackers accessed systems containing personal data.
Human Error
Email to wrong recipient, lost documents, misconfigured systems.
Insider Threat
Employee accessed or took data inappropriately.
Third-Party Breach
A supplier or partner who held your data was compromised.
How We Can Help
Practical solutions to resolve your issues
Contain First
Stop ongoing data loss before investigating fully.
Assess Scope
Determine what data was affected and how many people were impacted.
Consider Notification
You may need to report to the ICO within 72 hours.
Document Everything
Keep detailed records of what happened and your response.
First 24 Hours:
- Contain the breach - Stop it getting worse. This might mean taking systems offline, revoking access, or retrieving sent emails. Don't destroy evidence, but stop the bleeding.
- Assess what happened - What data was involved? How many people affected? How did it happen? Get facts, not speculation.
- Determine if ICO notification is needed - Under UK GDPR, you must report to the Information Commissioner's Office (ICO) within 72 hours IF the breach is likely to result in a risk to people's rights and freedoms. Not all breaches need reporting - an email with names sent to the wrong person is different from thousands of financial records being stolen.
When You Must Report to the ICO:
- The data could be used for identity theft or fraud
- Large numbers of people are affected
- Sensitive data categories involved (health, financial, etc.)
- The data wasn't encrypted or protected
- People might suffer significant harm
When You Might Not Need to Report:
- Very minor, contained breaches
- Data was encrypted and keys weren't compromised
- You can demonstrate no real risk of harm
Telling Affected Individuals:
If the breach is likely to result in high risk to individuals, you must also tell them. This isn't about protecting yourself legally - it's about giving people the chance to protect themselves (change passwords, watch for fraud, etc.).
After the Immediate Crisis:
- Document everything for your records
- Conduct a proper investigation into root causes
- Implement changes to prevent recurrence
- Consider whether any disciplinary or legal action is needed
- Review your data protection practices more broadly
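The first-24-hours steps and the reporting criteria above, turned into a small breach-register helper. This is an added example, not part of the original page or of Fresh Tech's own tooling: it records the facts the page says to capture, starts the 72-hour ICO clock from the moment of awareness, and maps the page's indicators onto a reporting decision. The category sets and the 1,000-person "large scale" threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ICO_WINDOW = timedelta(hours=72)  # UK GDPR: report to the ICO within 72 hours of becoming aware

# Assumed category sets for illustration (not an exhaustive legal list)
SENSITIVE = {"health", "financial", "biometric", "criminal", "ethnicity", "political", "religion"}
FRAUD_ENABLING = {"financial", "identity_document", "credentials", "date_of_birth"}
LARGE_SCALE = 1000  # assumed threshold for "large numbers of people"


@dataclass
class BreachRecord:
    """One breach-register entry: the facts the page says to capture."""
    summary: str
    aware_at: datetime            # when you became aware; the 72-hour clock starts here
    data_categories: set[str]
    people_affected: int
    encrypted: bool               # was the data encrypted?
    keys_compromised: bool        # were the encryption keys exposed too?
    contained: bool               # has the ongoing loss been stopped?
    actions: list[str] = field(default_factory=list)  # timestamped log of your response

    def log(self, when: datetime, what: str) -> None:
        """'Document everything': append one timestamped action to the record."""
        self.actions.append(f"{when.isoformat()} {what}")

    def ico_deadline(self) -> datetime:
        return self.aware_at + ICO_WINDOW


def assess(rec: BreachRecord) -> dict:
    """Map the page's indicators onto a notification decision (a simplification)."""
    protected = rec.encrypted and not rec.keys_compromised
    reasons = []
    if protected:
        reasons.append("data encrypted and keys not compromised")
    else:
        if rec.data_categories & FRAUD_ENABLING:
            reasons.append("data could be used for identity theft or fraud")
        if rec.data_categories & SENSITIVE:
            reasons.append("sensitive data categories involved")
        if rec.people_affected >= LARGE_SCALE:
            reasons.append("large number of people affected")
        if not rec.contained:
            reasons.append("breach not yet contained")
    # High risk to individuals: unprotected sensitive or fraud-enabling data -> tell them too
    high_risk = not protected and bool(rec.data_categories & (SENSITIVE | FRAUD_ENABLING))
    return {"notify_ico": not protected and bool(reasons), "notify_individuals": high_risk,
            "ico_deadline": rec.ico_deadline(), "reasons": reasons}
```

A minor, contained slip (a few names emailed to the wrong client) yields no report, while an unencrypted customer database with financial records yields both an ICO report and individual notifications.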
Trusted By Local Heroes
Don't just take our word for it.
"Well all I can say is a big shout out to Sam James BSc at Fresh Tech for literally swooping into rescue my computer from being hacked within seconds. Thank goodness I outsource to companies who know what they are doing."
Carole Aveson
CAA Administration Services
