Under the General Data Protection Regulation (GDPR) a data breach occurs when personal information is disclosed without the appropriate authorisation.

The GDPR requires there to be a lawful reason for processing personal data which means that the simplest error can result in data processing becoming illegal and subject to sanctions from the Information Commissioners’ Office (ICO).

Often it is the simple and avoidable incidents that cause the biggest reputational damage to an organisation. For example, mistakenly emailing the wrong person or copying in people that should not be included in an email. Now that GDPR is enforced, these simple errors could also result in large administrative fines and litigation.