Data Breaches


Articles 33 & 34 in the GDPR

Schools will need to notify the Information Commissioner's Office (the ICO) within 72hrs if they suffer a breach which is likely to result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to data subjects, and carry out a full internal investigation as to how it happened and put mitigations in place to prevent it happening again in the future.

Schools will also be required to inform data subjects if their personal data has been put at high risk as soon as possible.