Guidance on Data Security Breach Management (EU)


Key Questions: What do I do in the case of a Privacy Breach? How do I create a breach management plan?

Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of or damage to personal data. Many organisations take the view that one of those measures might be the adoption of a policy on dealing with a data security breach.

However the breach has occurred, there are four important elements to any breach management plan:

  1. Containment and recovery
  2. Assessment of ongoing risk
  3. Notification of breach
  4. Evaluation and response 


  • Containment and recovery
  • Assessment of ongoing risk
  • Notification of breach
  • Evaluation and response 
  • Other Considerations
  • More Infromation
Contact Person/Organization: 

Information Commissioner's Office (ico.)

Type of Tool:

Publication Date: 

What Is A Breach Of Privacy?