• Assess the incident

  • Trigger your internal breach reporting procedure

  • Notify the ICO if the incident is likely to result in a risk to the rights and freedoms of your customers 

  • Consider whether the data breach renders notification of your customers

  • Record all the relevant details of the Data Breach in our own log

  • Inform any processor as early as possible if they’re involved in the data breach


Please note that the actions you should take in case of such an incident depend on the categories of data being affected and the scale of the Data Breach, amongst other factors. 


You can find more details on the steps to be taken in case of a Data Breach on ICO’s website or from your legal representatives. 




This information is provided for guidance and cannot be classified as official legal advice. For official direction related to your obligations under GDPR, please speak to your legal counsel.