Data Breach Incident – Template

GDPR requires all firms to keep a log of any and all breaches; even the smallest incidents should be recorded. The log should describe the incident itself, the cause, repercussions, risk of future damage, affected data and measures taken to mitigate the risk of further damage.

You can use this Data Breach Incident log template.

Personal Data Breach and Incident Handling

Not all data breaches are caused by malicious third parties like hackers. There are plenty of examples of accidental loss or accidental unauthorised access:

  • A member of staff loses a USB stick/drive that had personal data files on it, with neither the drive nor the data files being encrypted
  • A member of the sales staff accidentally posts a revenue report containing customers' names and financial details on the public website rather than the intranet team site
  • A member of staff attaches the wrong file to an email, resulting in accidental disclosure of personal data
  • A member of staff accidentally deletes client records leading to loss of personal data

For an overview of the GDPR requirements on data breaches and when to inform the regulator and affected individuals, consult our Personal Data Breach – Overview knowledge base item on this topic.