Procedure 4 – Managing a Data Breach Procedure

Girlguiding Surrey East Logo

 

Girlguiding Surrey East

Procedure 4 – Managing a Data Breach Procedure

 

 

Girlguiding Surrey East has chosen to adopt the same procedure as Girlguiding and regional offices. This procedure applies to county appointment holders and the county administrator.

Notification of a data breach

Girlguiding Surrey East may become aware of a data breach in one of the following ways:

  • Notification to Girlguiding Surrey East by Girlguiding HQ Data Protection Officer of a county breach that has been reported to HQ;
  • Notification of a breach to Girlguiding Surrey East at the same time as reporting a breach to Girlguiding HQ Data Protection Officer;
  • Data breach reported to a County Appointment Holder or the County Administrator, which needs reporting to Girlguiding HQ Data Protection Officer;
  • Data breach reported by a third party, which needs reporting to Girlguiding HQ Data Protection Officer.

Once reported to Girlguiding HQ, the County Commissioner, County Appointment Holders and the County Administrator will cooperate fully in the data breach management procedure that will be led by Girlguiding HQ. It is appropriate for Girlguiding HQ to lead on the data breach management procedure as their staff have knowledge, awareness and training in data protection law.

The data breach management process can be summarised as follows:

  • Containment and recovery:                To limit as far as possible any damage.
  • Assessment of the breach: Looking at the details & what happens next.
  • Notification of breach: Choosing who to inform of the breach.
  • Lessons Learned: How can we prevent it happening again.

This process is based on the UK regulator’s recommendations and represents best practice to manage data breaches. By using this process, which has been adopted by Girlguiding HQ, Girlguiding Surrey East ensures it is following procedure, meeting our responsibilities and complying with the law.