- In order to function, The Burma Star Association (BSA) processes personal data, including that of its employees, volunteers and those whom it helps. It is registered with the ICO
Nonetheless, a breach may occur through, for example:
- Loss or theft of data or equipment on which data is stored.
- Weakness in access controls allowing unauthorised use.
- Equipment failure.
- Human error.
- Unforeseen circumstances such as a fire/flood.
- Hacking attack.
- ‘Blagging’ offences where information is obtained by deceit.
- This policy and procedure will be reviewed regularly to comply with current best practice and advice offered by the Information Commissioner’s Office (ICO). In the event of a breach, the BSA will
co-operate, as appropriate, with the ICO and other authorities to minimise the risk to data subjects and to reduce the risk of a breach re-occurring.
- The following procedure will vary in practice according to the nature and amount of data lost, but consists of 4 elements:
- Containment and recovery.
- Assessment of ongoing risk.
- Notification of breach.
- Evaluation and response.
- This procedure is designed to comply with the GDPR requirement that, breaches resulting in a risk to the rights and freedoms of individuals, should be reported to the ICO within 72 hours and that
in a breach resulting in a high risk to the rights and freedoms of individuals the individuals must be informed.
- The BSA considers data breaches and potential data breaches as a senior management responsibility to be dealt with in accordance with ICO guidelines.
- All staff members are required to comply with this policy and accompanying procedures.
- If you suspect a data breach has occurred which may affect you, please contact the BSA Administrator as soon as possible at firstname.lastname@example.org or 020 7823 4273.