10. A Simple Guide to Spotting and Reporting Data Breaches

Privacy Culture | August 1, 2025

How to recognise and respond before small mistakes become big problems

Not every data breach is caused by hackers. Most happen because of simple human error - the wrong email, the lost laptop, or the unlocked screen. The UK GDPR sets out clear rules on how to respond when personal data is lost, stolen, or accessed without permission.

If you remember nothing else, remember this: report early, even if you’re not sure.

1. What counts as a data breach

A personal data breach is any incident that leads to unauthorised access, loss, disclosure, alteration or destruction of personal data. It can be accidental or deliberate.

Examples include:

  • Sending personal data to the wrong person
  • Losing an unencrypted laptop or USB stick
  • A spreadsheet with employee data shared with the wrong team
  • A cyberattack exposing customer details
  • Paperwork left on a train or in a shared printer

If someone who shouldn’t have access to personal data can see or obtain it, it’s a breach.

2. Why quick reporting matters

The UK GDPR requires that serious breaches be reported to the Information Commissioner’s Office (ICO) within 72 hours of discovery. That countdown starts the moment the organisation becomes aware of it.

Fast internal reporting allows the privacy or security team to assess the risk, limit further harm, and decide whether external reporting is needed. Waiting, or trying to fix it quietly, often makes things worse.

Even near misses should be logged, as they highlight weaknesses and prevent future incidents.

3. Recognising the warning signs

Many breaches start small. Some signs to look for:

  • Files or folders missing, moved or accessed unexpectedly
  • Suspicious emails asking for credentials or data
  • Error messages indicating unauthorised access
  • Customer complaints about receiving wrong information
  • Printed documents found where they shouldn’t be

If something feels off, assume it might be a breach until proven otherwise.

4. How to report a breach

Every organisation should have a clear internal reporting process. Typically, it involves:

  1. Contacting your line manager, data protection officer or privacy lead immediately.
  2. Providing details of what happened, when it happened, and what data was involved.
  3. Notifying IT if systems are affected.
  4. Preserving evidence, and not deleting anything.

Your role is to report, not to investigate or assign blame.

5. What happens after a report

The privacy or security team will:

  • Assess what data was affected and how many people are impacted.
  • Contain the issue by locking accounts or recalling emails.
  • Decide whether to inform the ICO or affected individuals.
  • Record the breach in the incident log.
  • Recommend changes to prevent repetition.

If the ICO is notified, the report must describe what happened, the likely consequences, and steps taken to address it.

6. Monday morning takeaways

If you spot a possible breach:

  1. Report it immediately to your privacy or IT lead.
  2. Do not try to cover it up.
  3. Provide as much detail as possible.
  4. Stop using affected systems until advised.
  5. Cooperate with any follow-up steps.

If you manage a team:

  1. Make sure everyone knows how and where to report.
  2. Keep a simple internal process and incident log.
  3. Review near misses regularly.
  4. Create a culture where honesty is encouraged.

Quick summary

Key point          | What it means                             | Why it matters
Breach definition  | Unauthorised access, loss, or disclosure  | Covered by UK GDPR
Speed              | Report within 72 hours                    | Required by law
Awareness          | Recognise warning signs                   | Prevents escalation
Reporting          | Tell privacy or IT team                   | Enables quick action
Learning           | Record and review incidents               | Improves future security

In plain terms

A data breach is not just a technical problem, it’s a people problem. Mistakes happen, but ignoring them makes things worse. If in doubt, report it. Acting early protects individuals, your organisation, and your own reputation.