How to implement the control:
A useful guide on what you must do after becoming aware of a security breach was published by the ICO and can be found here.
Answer yes if your organisation has a documented process for notifying the ICO when it becomes aware of a security breach involving Personal Data.
Under GDPR are required to notify your Supervisory Authority (if you are in the UK that’s the ICO) if a personal data breach occurs.
If you would like to contribute to this article or provide feedback, please email email@example.com. Contributors will be recognised on our contributors page.