Scroll to content
School Logo

St Joseph's

Catholic Primary School

Inspired by Christ, Working Together, Achieving Our Best

Data Breach Policy

Data Breach Policy

Handling data breaches appropriately allows us to respond effectively when something has gone wrong. Capturing all types of data breaches, whether it is a confirmed breach, a potential breach or a ‘near-miss’, allows us to understand where our weaknesses are, how well our policies are working and what we should change about our policies to make them more effective. It allows us to meet our legal obligation to report breaches which may cause harm to individuals to the regulator.

 

This policy sets out the rules all staff, contractors and volunteers must follow to effectively manage data breaches.

 

Policy rules:

  1. If you discover a data breach, you must immediately report it to the Data Protection Lead
  2. When reporting the breach, you must provide as much information as possible
  3. The Investigating Officer must complete investigations and complete an outcome report which can be found in our Data Breach Procedure
  4. All staff must support investigations into breaches as required
  5. Maintain a full record of each breach from reporting to closure
  6. The Headteacher/Senior Information Risk Owner (SIRO) must support the investigation of major and critical breaches
  7. Comply with the timescales and escalation process outlined in our Data Breach Procedure
  8. Major and critical breaches must be referred to the Data Protection Officer.

 

How must I comply with these policy rules?

 

Our Data Breach Procedure tells you how to comply with these rules. If you are unsure how to comply you must seek advice and guidance from your Data Protection Lead.

What if I need to do something against this policy?

 

If you believe you have a valid business reason for an exception to these policy points, having read and understood the reasons why they are in place, please raise a formal request by contacting the school office.

References

 

  • Data Protection Act 2018 / UK GDPR

Breach Statement

 

Breaches of Information Policies will be investigated and may result in disciplinary action. Serious breaches of Policy may be considered gross misconduct and result in dismissal without notice, or legal action being taken against you.

Document Control

 

Version:                  2024

Date approved:       January 2025

Approved by:           Trust Intervention Board / CSEL

Next review:            January 2026

Top