
12) Does your organisation have a process for notifying the relevant Authority and all relevant parties (e.g. data controllers) when a breach occurs?

August 30, 2022
GDPR
Breach Notification

Answer yes if your organisation has a documented process for notifying the relevant Authority for your jurisdiction and all data controllers or other relevant parties when it becomes aware of a security breach involving Personal Data.

Under the GDPR, there are certain incidents that must be reported to the relevant Supervisory Authority (if you are in the UK, that's the ICO). All organisations that process personally identifiable information (PII) should have a process in place to assess a potential breach and to notify the relevant Authority if required.

How to implement the control

A useful guide on what you must do after becoming aware of a potential breach was published by the ICO and can be found here.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.
