Data Protection Breach Protocol

A data security breach can happen for a number of reasons which include but not limited to:

  • Loss or theft of data or equipment on which data is stored
  • Unauthorised access and use of data
  • Equipment failure
  • Human error
  • Unforeseen circumstances e.g. fire or flood
  • Network being hacked into
  • Unlawful destruction of files

In order to manage data protection breaches the following steps must be followed:

1.    Any breach of data protection should be reported immediately to staff member’s line manager and section head.

2.    The Line Manager must then in turn report it to the Data Protection Officer.

3.    Details of a breach should be reported accurately, including date and time the incident occurred, when it was detected, who reported the incident, details of any ICT system involved.

4.    The Data Protection Officer will notify the Data Protection Commissioner where relevant within 72 hours.

5.    Arrangements must be put in place by each section under direction from the DPO to notify the person(s) involved whose personal data has been breached.

6.    Following the Data Protection breach, the Data Protection Officer will investigate how the breach occurred, the implications of the breach and the measures required to prevent re-occurrence.

To contact the Data Protection Officer - please email


The attention of all staff will be drawn to this policy through:

1.    Publication on the Intranet.

2.    Circulation to all Section Heads

Link to Data Protection Commissioners Website – Data Breach Guidance