The UK General Data Protection Regulations (GDPR) defines a personal data breach as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed".
This broad definition means that personal data breaches are very easy to commit. Common examples could include
However, a breach may not always be as obvious as that.
Read these examples and consider the following:
1. Has a data breach occurred?
2. What immediate action needs to be taken?
3. What action should be taken in future?
If you believe that a breach has occurred, take any immediate action that you can to get the information back
All data breaches must be recorded. You can download a Word file from this page to help with this.
You should also have a process for keeping track of all breaches, such as on a spreadsheet on a computer or kept in a filing cabinet. Make sure it is kept up to date.
All breaches also need to be reported to the District Data Champion who can also advise on any further action that may be needed.
The simplest was to do so is by completing this online form:
Reporting a breach
Contact Trustees for Methodist Church Purposes (TMCP) dataprotection@tmcp.org.uk if you believe that it is a breach leading to loss of confidentiality or reputational damage so that they can handle this for the Managing Trustees as Data Controller
Registered Charity no. 1129363
admin@sheffieldmethodist.org
0114 270 9990 / 0114 430 0255
Sheffield District Office
Room 47, Victoria Hall Methodist Church
Norfolk Street
Sheffield
S1 2JB