We use essential cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept.

For more detailed information about the cookies we use, see our cookies page.

Essential Cookies

Essential cookies enable core functionality such as security, network management, and accessibility. For example, the selections you make here about which cookies to accept are stored in a cookie.

You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Google Analytics cookies to help us improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify you.

Third Party Cookies

Third party cookies are ones planted by other websites while using this site. This may occur (for example) where a Twitter or Facebook feed is embedded with a page. Selecting to turn these off will hide such content.

Skip to main content

Data Breach Management

GDPR Data Breach Management Policy – 19th February 2019                         Hannington Parish Council

To mitigate against data breaches

All members of the Hannington Parish Council will minimise data breaches by controlling access to their computers:

  1. Access to the computer device must be authenticated by the use of individual identification and passwords;
  2. Equipment that is connected to the internet must be protected by a suitable firewall which is maintained;
  3. Anti-Virus Software must be installed and automatically updated;
  4. A robust Data Back-up and storage regime must be adopted where required.
  5. All Personal Data must be stored and disposed of in a secure manner.

Who does what, when personal data is breached?

  1. The Public may report a data breach or they may suspect a data breach has occurred and they inform a member of the Hannington Parish Council. Or, a Councillor identifies a data breach.
  2. The Clerk to the parish council is informed immediately. In our case the Clerk is the Data Protection Officer and Data Controller.
  3. The Clerk informs the BHIB Insurance Brokers, Emergency Response Claims Service to:
  • Engage Specialist consultants or consulting engineers to assess if a Data Security Breach has occurred, its scope, impact and mitigate an ongoing loss;
  • Engage external legal advice to manage our response to a Data Security Breach;
  • Notify any Data Subject(s) of the Data Security Breach;
  • Notify any regulatory body of the Data Security Breach where required to do so by law or regulation. In this case, the Information Commissioner’s Office (ICO) where the risks to the rights and freedoms of data subjects is high. This must be done within 72 hours.

     4.  The Clerk to liaise with the Emergency Response Claims Service and update the Councillors on a weekly basis (or sooner if warranted) as to progress and status of the situation

     5.  The Councillors to make timely decisions on the recommendation of the parish Clerk.

Review and monitor

Once the personal data breach has been contained by the Emergency Response Claims Service team, the parish council will conduct a review of existing measures in place, and identify ways in which these measures can be strengthened to prevent a similar breach from reoccurring.

The review will also examine the log of actions taken to identify whether processes can be improved.

All identified measures will then be monitored by the parish council to ensure that the measures are implemented satisfactorily.

Data Breach Register.  

In conjunction with the Clerk, the parish council will update the Data Breach Register and sign off that all provisions for the Data Subjects have been properly provided for, namely:

  1. A telephone help line to assist Data Subjects after they have been notified of the Data Security Breach;
  2. A credit protection service to the affected Data Subjects;
  3. Identity fraud remediation services for Data Subjects.


The Parish Clerk, Hannington Parish Council is responsible for ensuring adherence with the General Data Protection Regulations.

Contact details:

The Parish Clerk contact details are on the website at


Useful Contacts

Information Commissioner: Email:  Website: