Report a data security breach

What information are you providing? *

Completed monthly log

Initial notification of a security breach (within 24 hours)

Second notification with further detail (within 3 days)

Follow-up notification with outstanding details

Monthly log

If there have been personal data breaches, please attach your completed breach log below. If there have not been any personal data breaches during this month, you can email a 'nil return' to [email protected]. As nil returns do not need to be sent securely, you do not need to use this form.

Breach log *

We accept Excel, Word and Open Office spreadsheet and document files, CSVs and text-based files. Maximum of 3 MB.

Cancel

Initial notification of a security breach

Use this form for the first notification within 24 hours of detecting a breach.

When did this breach occur?

On or between ... *

... and *

When was the breach first detected? *

Briefly describe the breach (eg theft, loss, copying) *

What is the nature and content of the personal data concerned? *

What technical and organisational security measures have you applied (or were to be applied) to the affected personal data? *

Were other providers involved? *

Information to provide now if possible

You should provide the following information now, if possible. If not, you must send a second notification form within three days.

Second notification of a security breach (providing further detail)

You should have already sent an initial notification with as much information as possible. Please now provide further detail. For each question, please add any further details since your initial notification. Please tell us if any details have changed. If you cannot provide any of the information we ask for now, you should explain why, and send a follow up form as soon as possible.

Follow up notification with any outstanding details

You should have already sent an initial notification and second notification with as much information as possible. Please now provide any further remaining details.

When did this incident occur?

On or between ... *

... and *

Summarise the incident that caused the breach

Did the breach occur in response to a Regulation of Investigatory Powers Act request? *

Yes

What was the physical location of the breach and the storage media involved?

How many individuals were affected?

What are the potential consequences and adverse effects on those individuals?

What technical and organisational measures have you taken to mitigate those potential adverse effects?

Please provide the content of any notification to customers (you can attach this at the end of this form or provide it here)

How were customers notified (eg by email)?

How many customers were notified?

Does the breach affect individuals in other EU member states? If so, which states?

Have you notified any other data protection authorities (if so, which ones)?

Have you provided all the information we have asked for? *

Yes

Please attach any other relevant supporting information

We accept Word, Excel and other MS Office and Open Office files, image files, and text files. Up to 2 MB per file

Cancel

About you (the service provider)

Organisation name *

Who should we contact?

Name *

Job title *

Email *

Enter email

Confirm email

Phone *

Address

Address *

Street *

Line 1

Line 2

Line 3

Town or city

County

Postcode *

Country *