Data breach notification
Under the DPA 2020, when a personal data breach occurs and poses a risk to individuals' rights and freedoms, the data controller must notify the Office of the Information Commissioner without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to individuals, the controller must also notify the affected data subjects directly without undue delay.
DPA reference
Data Protection Act 2020
Related terms in Obligations
Anti-money laundering
Legal obligations requiring firms to detect and report financial crime.
Conflict of interest
A situation where a professional's duty to one client may be compromised by duties to another party.
Data minimisation
The principle that personal data collected should be limited to what is necessary for the stated purpose.
Data protection by design
The obligation to build data protection into systems and processes from the start, not as an afterthought.
