Introduction

This data breach reporting policy outlines the procedures that will be followed in the event of a data breach. The policy is designed to help us respond effectively to data breaches, protect our clients’ data and comply with legal and regulatory requirements.

Definition of a data breach

A data breach is defined as any incident in which personal data is accidentally or unlawfully destroyed, lost, altered, disclosed or accessed. This includes incidents in which personal data is stolen or hacked.

Reporting requirements

If a data breach occurs, we will immediately report the breach to our clients and the Information Commissioner’s Office (ICO) in accordance with the GDPR. We will also provide any necessary assistance to our clients to help them comply with their own reporting obligations.

Data breach reporting process

If a data breach is discovered, the following steps will be taken:

Contain the breach

  • We will take immediate steps to contain the breach and prevent any further damage
  • The affected system or device will be isolated and taken offline
  • We will investigate the cause of the breach and assess the scope of the breach

Evaluate the risks

  • We will assess the risks associated with the breach and determine whether personal data has been compromised
  • We will notify affected clients as soon as possible

Report the breach

  • We will report the breach to the ICO within 72 hours of becoming aware of the breach
  • We will provide affected clients with a detailed report of the breach, including the scope of the breach, the type of personal data involved and any other relevant information
  • We will work with affected clients to help them comply with their own reporting obligations

Data breach prevention

We take data breach prevention seriously and have implemented the following measures to reduce the risk of data breaches:

  • AI powered threat detection and response, backed by a 24/7 Security Operations Centre (SOC)
  • Regular training for employees on data protection and cybersecurity
  • Use of strong passwords and two-factor authentication
  • Encryption of sensitive data
  • Regular software updates and patches
  • Implementation of access controls and permission levels
  • Regular backups of data to prevent data loss

This data breach reporting policy is designed to ensure that we respond quickly and effectively to data breaches and protect our clients’ data. It reflects our commitment to data protection and cybersecurity, and we will continually review and update the policy so that it remains effective in response to new threats and risks.