Self-assessment for data breaches
1. A personal data breach (PDB) can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. Have you determined whether a PDB has occurred?
Yes
2. Making your own assessment, does the breach involve the personal data of living individuals?
Yes
3. Following your own assessment, is there likely to be a high risk to individuals’ rights and freedoms?
No
4. How likely is it that the breach will result in a risk to individuals?
Again, you will need to assess both the severity of the potential or actual impact on individuals as a result of a breach and the likelihood of this occurring. If the impact of the breach is more severe, the risk is higher; if the likelihood of the consequences is greater, then again the risk is higher.
The Article 29 Working Party says: "This risk exists when the breach may lead to physical, material or non-material damage for the individuals whose data have been breached".
For more information, read the "What breaches do we need to notify the ICO about?" section of our personal data breaches guidance.