How to write a GDPR data breach notification – with template

As part of your EU General Data Protection Regulation (GDPR) compliance project, you must produce appropriate documentation. This includes planning the steps for your data breach procedure.

In this blog, we explain how you can get started, and provide a GDPR breach notification template to ensure you have the correct documentation.

What is a personal data breach?

The ICO (Information Commissioner’s Office) defines a personal data breach as any event that results in “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.

This includes incidents that involve:

  • Unauthorised access from a third party;
  • Deliberate or accidental action (or inaction) by a data controller or data processor;
  • Sending personal data to an unintended recipient;
  • Lost or stolen computing devices containing personal data;
  • Unauthorised alteration of personal data; and
  • Loss of availability of personal data.

Personal data breach notification procedures under the GDPR

Organisations must create a procedure that helps them respond in the event of a personal data breach.

The requirements for this are outlined in Article 33 and Article 34 of the GDPR.

Below is an example of a data breach notification – taken from our GDPR Toolkit:

Personal Data Breach Notification Procedure Template Example - GDPR

This toolkit sets out the scope of the procedure, responsibilities and the steps that will be taken by the organisation to communicate the breach from data processor to data controller, and from data controller to supervisory authority and data subjects.

Designed and developed by expert GDPR practitioners, this essential toolkit has been used by thousands of organisations worldwide.

It includes:

  • A complete set of easy-to-use and customisable documentation templates (including a personal data breach notification procedure), which will save you time and money and ensure GDPR compliance;
  • Helpful dashboards and project tools to ensure complete GDPR coverage;
  • Direction and guidance from expert GDPR practitioners; and
  • Two licences for the GDPR Staff Awareness E-learning Course.

A version of this blog was originally published on 21 May 2018.