The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This checklist is for sole traders and other small businesses in the UK. Use it to check how well you understand personal data breaches and how to respond to them.

Once you complete the checklist, you get a short report with practical actions you can take and additional guidance to improve how you deal with personal data breaches.

1. Do you, or someone in your business, know what a personal data breach is?
2. Does your business have measures in place to help prevent personal data breaches happening?
3. Do you have someone in your business responsible for dealing with any personal data breaches that happen?
4. Has everyone in your business had training in how to avoid, recognise and report a personal data breach?
5. If a personal data breach happens, does the responsible person know what to do first to limit the consequences?
6. Does the responsible person know how to assess how serious a personal data breach is?
7. Does the responsible person know what to tell the affected people?
8. Does the responsible person know what information to record on your breach log?
9. Does the responsible person know whether they need to tell the ICO about the breach and, if so, what information to include in their report?