Data breaches

Data breaches

• If you know, or even suspect, that a data breach has occurred, whether through our fault or the fault of one of our data processors:

  • immediately stop the collection and processing of any data that you believe may have been exposed by the breach;
  • do whatever you can to lock down/shutdown the system(s) that have been breached; and
  • inform the DPO immediately.

• Note that we may have a legal obligation to report such a breach within 72 hours of discovering it, and may face severe fines or penalties if we do not act accordingly.

• Report all known or suspected data breaches to the DPO regardless of whether you think personal data is involved.

• Report all known or suspected data breaches to the DPO regardless of how the data were collected; e.g., no matter under what lawful basis.

• If you know or suspect that a member of staff is aware of a data breach but has not reported it, inform the DPO immediately.

References

• UK ICO: personal data breaches