Data Breach Form

This form can be used to ensure all relevant issues are addressed. It will automatically be sent to SDC HR.

This form should be completed by the person who has responsibility for data protection within your organisation when investigation into the breach has been completed.

A copy of this form will be emailed to the person who completes it and should be filed for future reference and in case the ICO requires to see it.


Name and Job Title
Note: if ‘yes’ we must notify the other organisation immediately.
If ‘yes’ investigate as per ‘Response Plan’ in Data Breach Policy. If ‘no’ consider recording in Data Breach Log as a ‘near miss’. If ‘not sure’ investigate further to determine.


To be completed once investigation completed
e.g. email system, manual file, data on server or computer, etc
Note: those marked ‘(S)’ are sensitive personal data.
i.e. could it be discovered by a member of the public from available resources?
Note: if ‘yes’ then action must be taken to report to Information Commissioner’s Office within 72 hours of when we became aware of the breach. Serious breaches should be reported to the ICO’s security breach helpline on 0303 123 1113 (open Monday to Friday 9am to 5pm). Select option 3 to speak to ICO staff who will be able to assist. Alternatively, notification should be in writing to ‘’ or by post to the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Note: if ‘yes’ then action must be taken to report what has happened to the data subject/s themselves and provide any suitable advice they can follow to minimise this risk. See ‘Informing Data Subjects’ in the Data Breach Policy.



Record Keeping

Privacy Notices
Data in this form is processed by SDC HR as an article 28 GDPR processor to the organisation above. As such SDC HR is a data processor and the data controller is the organisation in question, which should ensure that this processing activity is reflected in its privacy notice/s.