Reviewing and monitoring
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Reviewing and monitoring
You review and monitor personal data breaches.
Ways to meet our expectations:
- You analyse all personal data breach reports to prevent a recurrence.
- Your organisation monitors the type, volume and cost of incidents.
- You undertake trend analysis on breach reports over time to understand themes or issues.
- Groups with oversight for data protection and information governance review the outputs.
Can you answer yes to the following questions?
- Could we see an example of how you handled an incident that required lessons to be learned?
- Were the steps you took to prevent a recurrence of the incident effective?