Self-assessment for data breaches
-
1. A personal data breach (PDB) can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. Have you determined whether a PDB has occurred?
I don't know
I don't know if a personal data breach has occurred
The GDPR states that you should have measures in place to be able to determine if a personal data breach has occurred. This means you should review all the measures you have in place and make a determination whether a personal data breach has occurred or not. The Article 29 Working Party says that you become aware of a personal data breach when you have a reasonable degree of certainty that one has taken place.
Please ring our helpline to discuss the incident in more detail. We can also offer advice on how to manage any breach and mitigate its effect.
The helpline, on 0303 123 1113 is usually open Monday to Friday from 9am until 5pm. If the helpline is closed, you may prefer to report the incident without delay. You can do this online. You are required to report breaches within 72 hours of becoming aware of them.
Health and care organisations in England should report breaches using the Data Security and Protection Incident Reporting tool. For guidance on how to use the tool, see the toolkit help pages.
You may want to take a screen shot of this page or use your browser to print the page so that you have a record of your assessment.
Return to the Report a breach page.