
How to Report a Data Breach

By Jonathan Mack

According to the UK General Data Protection Regulation (GDPR), businesses have to report personal data breaches within 72 hours after being informed of such a breach.

What is a personal data breach?

Any intentional or unintentional security incident that compromises the confidentiality, integrity, or accessibility of personal data qualifies as a personal data breach. For instance, a breach could occur:

  • If you misplace, delete, distort, or reveal personal data
  • If someone accesses the information or shares it without having the necessary authorisation
  • If the data becomes unavailable (for instance, because of ransomware, or because it is accidentally lost or damaged), and this absence has a major negative impact on people

If a security issue occurs, you should ascertain whether there has been a compromise of personal data. The potential negative effects on people should be the main focus of your assessment, depending on:

  • How significant or serious these are, and
  • How probable they are to occur

You could be required to notify the Information Commissioner's Office (ICO) about the breach or the people it affects. Let's look at when you should report a breach.

When you should report a breach

You are not required to notify the ICO of every data breach. You must report a data breach, however, if it could endanger people's rights and freedoms.

This is the case, for instance, if the breach is likely to result in:

  • Discrimination
  • Loss of reputation
  • Psychological distress
  • Financial or material losses due to identity theft or fraud, as well as any other serious economic or social disadvantage

Other laws, such as the Privacy and Electronic Communications Regulation (PECR) or e-privacy regulation, may also require you to report the incident.

How to report personal data breaches to the ICO

You can notify the ICO of a personal data breach by following their self-assessment tool and reading the guidelines on reporting a breach.

Recording personal data breaches

You must make sure that you record all breaches as part of your responsibility to uphold the accountability principle required by the UK GDPR, regardless of whether the breaches require reporting to the ICO. The details of the breach, its consequences, and the corrective action taken should be documented.

If you encounter a personal data breach, you may have extra notification requirements under other laws in addition to notifying and documenting the breach.

This may be the case, for instance, if you operate an essential service provider, a digital service provider, a communications service provider, or a UK trust service provider.

Third parties that can help lower the danger of financial loss to individuals, such as the police, insurers, professional associations, banks, or credit card providers, may also need to be informed.

What happens if you don't report a breach?

A fine of up to £8.7 million or 2% of your global sales may be imposed for failing to notify the ICO of a breach when you are required to do so. Under the UK GDPR, the ICO may use the fine in conjunction with other corrective measures.

If you are upfront and truthful about the breach, report it right away, and demonstrate that you take the security of personal data seriously, you can avoid fines and penalties.

Make sure that you have a reliable mechanism in place to quickly identify and report breaches and that, in the event of a notifiable breach, you are able to give all relevant information. If you decide not to report the breach, be sure to explain your reasoning and keep a record of it.


Reporting a data breach is often necessary and an important aspect of handling personal data breaches. If you’re looking to prevent data breaches and safeguard your organisation from cyber security attacks or unauthorised breaches, Swiftcomm can help. 

Get in touch with our friendly support team today to find out how we can manage your organisation’s data privacy and IT security.



