05) Does your organisation have a process for notifying the relevant Supervisory Authority (for UK based entities, the ICO) and all relevant parties when a breach occurs?
GDPR Breach Notification
Written by Haydn Brooks
Created on March 18, 2019
Modified on August 27, 2019

Answer yes if your organisation has a documented process for notifying the ICO when it becomes aware of a security breach involving Personal Data.

Under GDPR, you are required to notify your Supervisory Authority (if you are in the UK, that’s the ICO) if a personal data breach occurs.

How to implement the control:
A useful guide on what you must do after becoming aware of a security breach was published by the ICO and can be found [here](https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/ "ICO Breach Notification").
