DPO Programme – Module 3 (Virtual)

October 14 @ 1:00 pm - 4:00 pm

Capacity: 15

Summary

This module examines breach governance under Articles 32–34 UK GDPR from a defensibility and regulatory reasoning perspective. 

It focuses on risk-to-rights assessment, notification thresholds, documentation architecture, and board-level oversight. 

A 3-hour governance session covering: 

  • Legal definition of personal data breach 
  • Risk to rights and freedoms assessment model 
  • 72-hour ICO notification threshold 
  • Article 32 proportionality 
  • Patient notification test (Article 34) 
  • Insider misuse and supply chain exposure 
  • Mitigation as regulatory credit 
  • Breach documentation architecture 
  • Governance oversight model 

Mapped to NHS DSPT Standards 1–3. 

Course Content

  • Breach identification and classification 
  • Risk scoring and reportability decisions 
  • ICO notification and patient communication 
  • Mitigation and documentation defensibility 
  • Breach governance structure for GP practices 

Expected Outcome

  • Conduct structured breach risk assessments
  • Determine ICO notification thresholds confidently 
  • Maintain defensible breach documentation and escalation logs

Details

Organiser