You have procedures to notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.
Ways to meet our expectations:
- You have a procedure setting out how you will tell affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
- You tell individuals about personal data breaches in clear, plain language without undue delay.
- The information you provide to individuals includes the DPO’s details, a description of the likely consequences of the breach and the measures taken (including mitigating actions and any possible adverse effects).
- You provide individuals with advice to protect themselves from any effects of the breach.
Can you answer yes to the following questions?
- Would individuals say that they were told about personal data breaches in a helpful and timely way?
- Did they get the information they needed?
- Were they satisfied with the steps you took to mitigate the impact?