The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Notifying individuals

You have procedures to notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

Ways to meet our expectations:

  • You have a procedure setting out how you will tell affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
  • You tell individuals about personal data breaches in clear, plain language without undue delay.
  • The information you provide to individuals includes the DPO’s details, a description of the likely consequences of the breach and the measures taken (including mitigating actions and any possible adverse effects).
  • You provide individuals with advice to protect themselves from any effects of the breach.

Can you answer yes to the following questions?

  • Would individuals say that they were told about personal data breaches in a helpful and timely way?
  • Did they get the information they needed?
  • Were they satisfied with the steps you took to mitigate the impact?