Under the UK GDPR, a personal data breach means a breach of security
leading to the accidental or unlawful destruction, loss,
alteration, unauthorised disclosure of, or access to, personal data –
whether due to accidental or deliberate causes or organisations failing to
take appropriate action. So, it’s a security incident that affects the
confidentiality, integrity, or availability of personal data.