Self-assessment for data breaches
-
1. A personal data breach (PDB) can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. Have you determined whether a PDB has occurred?
Yes
-
2. Making your own assessment, does the breach involve the personal data of living individuals?
Yes
-
3. Following your own assessment, is there likely to be a high risk to individuals’ rights and freedoms?
No
-
4. How likely is it that the breach will result in a risk to individuals?
Unlikely
It's unlikely that the breach will result in a risk to individuals
You should keep an internal record of the breach as detailed in Article 33 (5) of the GDPR, including what happened, the effects of the breach and remedial actions taken.
There is no requirement to notify the ICO but you should keep a note of why you came to this decision. If new information which affects the circumstances of this breach comes to light, you should reassess the risk and determine whether it becomes reportable at that point.
You may want to take a screen shot of this page or use your browser to print the page so that you have a record of your assessment.
Return to the Report a breach page.