{"id":177484,"date":"2022-10-21T04:51:48","date_gmt":"2022-10-21T03:51:48","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=177484"},"modified":"2022-11-23T04:16:55","modified_gmt":"2022-11-23T04:16:55","slug":"after-data-breach","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/","title":{"rendered":"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0"},"content":{"rendered":"\n<p>Suffering a data protection breach is every business owner\u2019s nightmare. First and foremost, there is a possibility of cyber criminals accessing sensitive information. In most scenarios, you must inform the <a href=\"https:\/\/ico.org.uk\/\">Information Commissioner&#8217;s Office<\/a> (ICO) of the breach. Being proactive after a data breach is an excellent first step in minimising damage. Additionally, it may minimise any penalties you may receive from the ICO. This article will look at some helpful steps your company could take following any data protection breach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is a Data Protection Breach?<\/h2>\n\n\n\n<p>The ICO defines a personal data breach as a <em>\u2018breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data\u2019<\/em>.<\/p>\n\n\n\n<p>Put more broadly, if an unauthorised user has accessed personal information and stolen, distributed or destroyed that data, it is very likely to constitute a personal data breach. This is the case whether that individual is internal (say, a staff member) or external (a cybercriminal).<\/p>\n\n\n\n<p>Accidental loss of information or human error can also constitute a personal data breach. For example, if an employee accidentally deletes a folder full of data or a hard drive fails.<\/p>\n\n\n\n<p>Your business should try to avoid data breaches for several reasons. Firstly, the misuse of your information can cause problems for your business, including damaging your reputation and the potential theft of vital data. Furthermore, the ICO have the power to <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/biggest-fines-ico\/\">impose a fine of up to \u00a317.5 million<\/a> for breaches of data protection law.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Follow a Data Breach Action Plan<\/h2>\n\n\n\n<p>A data breach action plan details the actions your company needs to consider after suffering a data breach. Many business owners ask a lawyer or data protection officer to draft this plan.<\/p>\n\n\n\n<p>These plans usually cover data breaches relate to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>sensitive information which, if lost or stolen, may cause financial loss to your organisation, including trade secrets, intellectual property (IP) and confidential information; and<\/li>\n\n\n\n<li>information classified as \u2018<a href=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/personal-data-e-commerce\/\">personal data<\/a>\u2019 under the General Data Protection Regulation (UK GDPR), including \u2018personally identifiable information\u2019 that can identify individuals.<\/li>\n<\/ul>\n\n\n\n<p>Regardless of the type of information that has been lost or stolen, your data breach action plan is likely to contain some of the following steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>determine the nature and extent of the breach (for example, whether it was due to an external cyber attack or internal error);<\/li>\n\n\n\n<li>take swift and sensible steps to limit the damage caused by the breach;<\/li>\n\n\n\n<li>calculate the potential harm to individuals and whether it is appropriate to notify them of the breach;<\/li>\n\n\n\n<li>decide on remedial action to guard against the same type of breach happening again (which could include staff training and increasing your cyber defences); and<\/li>\n\n\n\n<li>conclude whether your organisation should notify the ICO of the breach.<\/li>\n<\/ul>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_chrome gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/177484#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Email<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/177484' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='Ekph9E7gZofsA1E+9QGHSsIRJXoShe7K9bIzsv4JM\/1HJkgG237ROGJgRrlyCczXmuE7oc+KYpnA7xyPNCnIUbsBaHeTdpslEWwTTx8B3xI+L3U=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\">2. Consider Self-Referral to ICO<\/h2>\n\n\n\n<p>As per above, most data breach action plans include determining whether to report the breach to the ICO.<\/p>\n\n\n\n<p>Suppose the breach results in a likely risk to people\u2019s rights and freedoms. This means their information is in someone else&#8217;s hands and may result in unlawful activity, such as identity theft. If this is the case, your company should refer itself within 72 hours.<\/p>\n\n\n\n<p>However, you do not have to report every breach to the ICO. For this purpose, the <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-website-important\/\">ICO provides a self-assessment test on their website<\/a>. At the end of the test, the website will advise you on whether your organisation should or should not report a breach.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Learn Future Lessons and Improve Data Security<\/h2>\n\n\n\n<p>Cybercriminals are increasingly targeting businesses in England.&nbsp; Most cybercriminals do so intentionally due to the value of the customer and employee information held by companies.<\/p>\n\n\n\n<p>It is becoming increasingly essential that businesses guard against the two primary forms of cyber attacks:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ransomware attacks; and&nbsp;<\/li>\n\n\n\n<li>data breaches.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>In summary, the first type occurs when a hacker locks you out of your information and demands a ransom. The second involves cybercriminals stealing data for unlawful purposes, such as identity theft.<\/p>\n\n\n\n<p>In the event your business suffers a data protection breach, you might:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>carry out annual cyber security audits;<\/li>\n\n\n\n<li>immediately instal updates to computer systems, software and operating systems;<\/li>\n\n\n\n<li>train staff in cybersecurity and data protection matters and provide refresher courses; and<\/li>\n\n\n\n<li>ensure regular use of strong passwords and two-factor authentication (requiring a second device to grant access after any password entry).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways<\/h2>\n\n\n\n<p>It is more important than ever to take proactive measures to guard against a personal data breach and to show your initial actions should one ever occur. This is because businesses face a high risk of cyber attacks and of receiving a fine from the ICO if personal or sensitive data ends up in the wrong hands. Overall, your company should aim to respond quickly and effectively to any suspected data breach and prioritise minimising any damage.<\/p>\n\n\n\n<p>If you need help taking appropriate action following a data protection breach, our experienced <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">data, privacy and IT lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents.\u00a0Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\/\">membership page<\/a>.\u00a0\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1666324120940\"><strong class=\"schema-faq-question\"><strong>Why do the ICO punish organisations that suffer cyber intrusion?\u00a0<\/strong><\/strong> <p class=\"schema-faq-answer\">The ICO punish organisations that put individuals\u2019 personal data at risk. Therefore, if your organisation has weak system security and this allows access to unauthorised users, the ICO is likely to take a dim view regarding financial penalties.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1666324129940\"><strong class=\"schema-faq-question\"><strong>Why does the ICO place such a high value on personal details?<\/strong><\/strong> <p class=\"schema-faq-answer\">Because the purpose of the ICO (and the GDPR and Data Protection Act) is to ensure that organisations in England guard against the loss of private information. This is because the loss or theft of personal data can have severe consequences, such as identity theft<\/p> <\/div> <\/div>\n\n\n\n\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"621817add0\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/177484\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Suffering a data protection breach is every business owner\u2019s nightmare. First and foremost, there is a possibility of cyber criminals accessing sensitive information. In most scenarios, you must inform the Information Commissioner&#8217;s Office (ICO) of the breach. Being proactive after a data breach is an excellent first step in minimising damage. Additionally, it may minimise<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\">Continue reading <span class=\"sr-only\">&#8220;What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0&#8220;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":3188,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"177268,176625,1737,176396,177102,175276","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,21,642,746],"class_list":["post-177484","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-medium-business","tag-gdpr-complicance","tag-ico"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Should I Do After a Data Breach? | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article explores what your business should do following a data breach to comply with the ICO&#039;s requirements and avoid a penalty.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Should I Do After a Data Breach? | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article explores what your business should do following a data breach to comply with the ICO&#039;s requirements and avoid a penalty.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-21T03:51:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-23T04:16:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"858\" \/>\n\t<meta property=\"og:image:height\" content=\"643\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0\",\"datePublished\":\"2022-10-21T03:51:48+00:00\",\"dateModified\":\"2022-11-23T04:16:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\"},\"wordCount\":978,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg\",\"keywords\":[\"small business\",\"medium business\",\"gdpr complicance\",\"ICO\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\",\"name\":\"What Should I Do After a Data Breach? | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg\",\"datePublished\":\"2022-10-21T03:51:48+00:00\",\"dateModified\":\"2022-11-23T04:16:55+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"This article explores what your business should do following a data breach to comply with the ICO's requirements and avoid a penalty.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324120940\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324129940\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg\",\"width\":858,\"height\":643,\"caption\":\"E-Commerce Regulations 2002: Legal Implications | LegalVision\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324120940\",\"name\":\"Why do the ICO punish organisations that suffer cyber intrusion?\u00a0\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The ICO punish organisations that put individuals\u2019 personal data at risk. Therefore, if your organisation has weak system security and this allows access to unauthorised users, the ICO is likely to take a dim view regarding financial penalties.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324129940\",\"name\":\"Why does the ICO place such a high value on personal details?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Because the purpose of the ICO (and the GDPR and Data Protection Act) is to ensure that organisations in England guard against the loss of private information. This is because the loss or theft of personal data can have severe consequences, such as identity theft\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Should I Do After a Data Breach? | LegalVision UK","description":"This article explores what your business should do following a data breach to comply with the ICO's requirements and avoid a penalty.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/","og_locale":"en_GB","og_type":"article","og_title":"What Should I Do After a Data Breach? | LegalVision UK","og_description":"This article explores what your business should do following a data breach to comply with the ICO's requirements and avoid a penalty.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-10-21T03:51:48+00:00","article_modified_time":"2022-11-23T04:16:55+00:00","og_image":[{"width":858,"height":643,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0","datePublished":"2022-10-21T03:51:48+00:00","dateModified":"2022-11-23T04:16:55+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/"},"wordCount":978,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg","keywords":["small business","medium business","gdpr complicance","ICO"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/","name":"What Should I Do After a Data Breach? | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg","datePublished":"2022-10-21T03:51:48+00:00","dateModified":"2022-11-23T04:16:55+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"This article explores what your business should do following a data breach to comply with the ICO's requirements and avoid a penalty.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324120940"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324129940"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121932\/business-image-0522129.jpg","width":858,"height":643,"caption":"E-Commerce Regulations 2002: Legal Implications | LegalVision"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"What Steps Should My Company Take Following a Data Protection Breach at Work in the UK?\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324120940","name":"Why do the ICO punish organisations that suffer cyber intrusion?\u00a0","acceptedAnswer":{"@type":"Answer","text":"The ICO punish organisations that put individuals\u2019 personal data at risk. Therefore, if your organisation has weak system security and this allows access to unauthorised users, the ICO is likely to take a dim view regarding financial penalties.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/after-data-breach\/#faq-question-1666324129940","name":"Why does the ICO place such a high value on personal details?","acceptedAnswer":{"@type":"Answer","text":"Because the purpose of the ICO (and the GDPR and Data Protection Act) is to ensure that organisations in England guard against the loss of private information. This is because the loss or theft of personal data can have severe consequences, such as identity theft","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/177484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=177484"}],"version-history":[{"count":8,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/177484\/revisions"}],"predecessor-version":[{"id":178714,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/177484\/revisions\/178714"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/3188"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=177484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=177484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=177484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}