News

Managing data breaches & cyber security incidents

An increasing number of cyber incidents have been reported recently, with reports made to the Information Commissioner’s Office (ICO) by both Marks and Spencer plc and the Co-op Group. Harrods has also indicated that it has been targeted by ransomware recently, with the British Library publishing a detailed look at an incident that occured in October 2023.

It is worth businesses continuing to ensure that all policies and procedures are up-to-date and that responsibilities under GDPR and other legislation are clearly understood. A clear plan should be in place should a data breach occur, whether related to a cyber incident or not. 

The ICO has guidance for small businesses to help ensure all steps are followed to comply with the law as it will need to be considered whether or not the reporting threshold is met, and then the personal data breach must be reported to the ICO without undue delay (if it meets the threshold) and within 72 hours.

The ICO also has detailed guidance, checklists and more to help businesses respond to personal data breaches. This also includes how to decide whether a report should be made, and if a report should be made then what information must be in the report.

Further detailed guidance is available from the ICO about dealing with ransomware and cyber attacks.

Where a significant cyber incident occurs, this may also need reporting to the National Cyber Security Centre (the NCSC). The NCSC guidance is helpful as to what incidents need reporting and how to do this, as well as how to manage the incident in relation to customers and the media.

Incidents not considered significant as well as those that might lead to a heightened risk of individuals being affected by fraud should be reported to Action Fraud.

Posted on 05/07/2025 by Ortolan

Get in Touch

If you would like to know more about Ortolan Legal and how we can help you reduce your ongoing recruitment costs, get in touch!

Email us now

   Or call 020 3743 0600

Unipart Group has used Ortolan Legal’s services to supplement our in-house legal team for a number of years. We keep coming back to them because their unique combination of experienced, high quality lawyers at extremely cost-effective rates sets them apart from other law firms. It also has to be said that their team are personable, highly commercial and very responsive. I would recommend them without reservation.

Richard Collins, Group Legal Director Unipart
See All

Meet the Team

  • Nick Benson Nick Benson I qualified as a commercial and corporate solicitor…
  • Liz Delgado Liz Delgado I qualified as a solicitor in 1995 after studying…
  • Carrie Beaumont Carrie Beaumont I qualified as an Employment specialist in 2008. I…