Self-assessment for data breaches
-
1. A personal data breach (PDB) can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. Have you determined whether a PDB has occurred?
Yes
-
2. Making your own assessment, does the breach involve the personal data of living individuals?
Yes
-
3. Following your own assessment, is there likely to be a high risk to individuals’ rights and freedoms?
Yes
There is likely to be a high risk to individuals' rights and freedoms
You need to tell the people affected by the breach without delay. You should inform them about any steps you are taking to mitigate the effects of the breach and provide them with advice on what to do to protect themselves.
As you’ve made an assessment there is likely to be a high risk then you must also notify the ICO. This must be done within 72 hours of becoming aware of the breach.
You may ring our Helpline on 0303 123 1113 for advice on how to manage the breach and mitigate its effect.
We’re usually open Monday to Friday from 9am until 5pm.
Unless you can’t access your system, you should report incidents online.
Please note Health and care organisations in England should report breaches using the Data Security and Protection Incident Reporting tool. For guidance on how to use the tool, see the toolkit help pages.
You may want to take a screen shot of this page or use your browser to print the page so that you have a record of your assessment.
Return to the Report a breach page.