Enter to open, tab to navigate, enter to select
Data security breach notification: letter notifying a personal data breach to the Information Commissioner (non-PECR) (DPA 1998)
Practical Law UK Standard Document 5-506-4819 (Approx. 15 pages)
Data security breach notification: letter notifying a personal data breach to the Information Commissioner (non-PECR) (DPA 1998)
by Practical Law Data Protection
| Law stated as at 09 Feb 2018 • United Kingdom |
A letter to be sent by a data controller to notify the Information Commissioner of a serious breach of personal data security under the Data Protection Act 1998 (non-PECR).
Note: With effect from 9 February 2018, this resource is no longer being maintained. From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR) replaced the current regime established by the Data Protection Act 1998. It is supplemented by the Data Protection Act 2018. For legal developments between 22 August 2017 and 24 May 2018, please refer to the legal updates on the topic pages for this resource: Data Protection Bill 2017-19 legislation tracker).
The European Commission is reviewing a related piece of legislation, the E-Privacy Directive (2002/58/EC), implemented in the UK by the Privacy and Electronic Communications Regulations 2003/2426 (as amended) (PECR). Their replacement, the draft E-Privacy Regulation (COM (2017) 10 final) (draft ePR), will not be agreed in time to align with the GDPR (see Draft E-Privacy Regulation legislation tracker). The Information Commissioner's Office (ICO) has confirmed that PECR (with GDPR standard of consent) will continue to apply until the draft ePR is finalized. We are updating our direct marketing, cookie and other related resources to reflect this. For further information see E-Privacy Regulation tracker. For further information and ICO guidance, see Practice note, Overview of GDPR: UK perspective: Direct marketing and draft E-Privacy Regulation.