GDPR Data Breach

This section explains what actions you need to take if you detect suspicious activity on any RMG device or are concerned about a potential or actual data breach.

Introductory statement on the General Data Protection Regulation (GDPR)

In the UK, we have a legal requirement to protect and handle personal data under the Data Protection Act 2018 (aligned to EU GDPR).

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

A data breach can involve not only data on systems (theft or loss of digital records, sending personal data to people who shouldn’t have it, hacking or a cyber-attack) but also data held in paper form (disclosure or theft of physical records). A breach can also involve the loss, theft or compromise of a PC, tablet, mobile phone or hard disk.

Suspected Data Breach? Here are the actions you need to take.

  1. If you detect suspicious activity on any RMG device or are concerned about a potential or actual data breach, you must report it to the IT Helpdesk immediately by calling 0345 608 2555.
  2. The IT Helpdesk will log the incident and forward it to the teams within the business who will investigate and action as necessary.
  3. The PiC must also be informed immediately if the data breach involves office machinery and/or a work computer.

If you are in any doubt please email

Report immediately – Royal Mail is legally obliged to report any significant data breaches to the Information Commissioner (ICO) not later than 72 hours.

If in doubt at any stage, always call Central Postal Control (CPC).

Central Postal Control deals with issues on a regular basis and will be able to talk you through how to deal with any situation.