Report it immediately as a Information Security Incident via the Viridor IT Portal. You can mark it as Sensitive so that it is targeted only to the Information Security Team.
This covers any type of confidential data breach. It does not have to be only HR, Personal or GDPR data. It may be financial, business strategy or anything confidential.
Also, it does not have to be confirmed as a breach. Report even a potential, then we can help you decide if a breach actually happened.
If you want to talk about policy or how to reduce the risk of a breach, maybe you want to share some data, then you can ask for proactive help or advice by raising an Information Security Service Request.
Also, as we build up our knowledge base you will find more and more articles to help you without the need to log any ticket.