• Perform an assessment of the incident, including essential facts to determine whether the breach should be notified to the ICO

  • Notify the ICO if the incident is likely to result in a risk to the rights and freedoms of our clients and their customers

  • Consider whether the data breach renders notification of clients and their customers necessary

  • Record all the relevant details of the Data Breach in our own log

We consider a notifiable Data Breach to be an incident that might result in discrimination, damage to reputation, financial loss, loss of confidentiality, or any other significant social or economical disadvantage for our clients and their customers. In the event of a such Data Breach, we will notify the ICO within 72 hours of becoming aware of the essential facts of the Data Breach. In our notification, we aim to provide the ICO will all the relevant details of the Data Breach, as per the breach notification form. 

We will notify the Data Controller as soon as we become aware of such an incident.

This information is provided for guidance and cannot be classified as official legal advice. For official direction related to your obligations under GDPR, please speak to your legal counsel.