Explore UCD

UCD Home >

Data Breaches

Data Breaches and Reporting

What is a personal data breach? 
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. A personal data breach can cover a lot more than just ‘losing’ personal data. Personal data breaches include incidents that are the result of both accidents (such as sending an email to the wrong recipient) as well as deliberate acts (such as phishing attacks to gain access to customer data). It also includes situations such as where someone accesses personal data or passes them on without proper authorisation, or where personal data are rendered unavailable through encryption by ransomware, or accidental loss or destruction.


What to do if an incident or breach already happened? 
If you think a personal data incident or data breach has occurred in your School or Unit, you need to act promptly, as time is of the essence. Where onward reporting of a breach to the DPC is required, UCD has in total only 72 hours to do so from the time UCD becomes aware of the breach. Any late reporting has the potential to result in sanctions and/or fines. 

1)Complete the UCD internal report form (opens in a new window)UCD DP Incident Report Form (word)
2)Contact the Office of the DPO (ODPO) at (opens in a new window)gdpr@ucd.ie by email with the form included.

Our Data Breach and Information Officer, or another member of the ODPO will contact you to discuss next steps. 

What to do to prevent data breaches?
(opens in a new window)Managing Breaches when Working Remotely (to watch this short mp4 video please access it with your UCD log-on)
(opens in a new window)Managing Breaches when Working Remotely (to view the slides please access the presentation with your UCD log-on)
(opens in a new window)UCD DP Incident Reporting Guidance document.

Further Information