The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Reviewing and monitoring

You review and monitor personal data breaches.

Ways to meet our expectations:

  • You analyse all personal data breach reports to prevent a recurrence.
  • Your organisation monitors the type, volume and cost of incidents.
  • You undertake trend analysis on breach reports over time to understand themes or issues.
  • Groups with oversight for data protection and information governance review the outputs.

Can you answer yes to the following questions?

  • Could we see an example of how you handled an incident that required lessons to be learned?
  • Were the steps you took to prevent a recurrence of the incident effective?