Deliberate or accidental loss of information

Regardless of whether information is lost accidentally or intentionally, there are steps that must be adhered to, the most important of which are:

• Notification to the Information Commissioner Office detailing the breach and how it occurred
• Steps to mitigate the risk that was exploited

Full details of the requirements of companies under GDPR and data protection laws are found here and here.

Any company suffering a data breach is required to complete an investigation into the circumstances leading up to the breach. Should this investigation determine that the information has been intentionally leaked or deleted, then the identified user will also be in breach of the Computer Misuse Act, which carries a range of severe penalties.