This Data Breach Register is designed for recording the details of data
breaches and the key results from following the procedure laid out in a
Data Breach Policy.
A data breach (which may or may not involve personal data) can take many
forms. It may, for example, involve the loss or theft of data, the
unauthorised access to, use of, or modification of data, or something
apparently less direct such as equipment damage, human error, or the loss
or theft of equipment.
Full details of a data breach, including the results of the investigation
into it and decisions made about key considerations such as notifying the
Information Commissioner’s Office and data subjects, should be recorded in
a Data Breach Register. Documenting everything is vitally important and
will assist you in complying with the UK GDPR’s accountability principle.
This template is designed to be used with a separate table for each
recorded data breach. Two tables have been included (complete with sections
and prompts for all required information). It is recommended that the
second table is duplicated before filling it in so that you have a fresh
table to record a subsequent data breach.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
Each table in this Data Breach Register contains the following sections:
1. Data Breach Reference Information
2. Data Breach Details
3. Management of Data Breach
5. Additional Comments
6. Current Status
This Data Breach Register is in open format. Either enter the requisite
details in the highlighted fields or adjust the wording to suit your
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.