How do I report a data breach?

A personal data breach is any security incident that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. Under GDPR Article 33, you must report qualifying breaches to your supervisory authority (the ICO in the UK) within 72 hours of becoming aware.

Steps

1. Log in to your DataShield HQ workspace.
2. Click Data Breaches in the left-hand navigation menu.
3. Click + Report Breach.
4. Fill in the breach details:
   • Title – A brief description (e.g. "Customer database exposed via misconfigured S3 bucket").
   • Discovered Date – When you first became aware of the breach.
   • Severity – Low / Medium / High / Critical.
   • Data Types Affected – e.g. Name, Email, Financial data, Health data.
   • Number of Subjects Affected – Estimated or known count.
   • Description – Full details of what happened, how it was discovered, and what data was involved.
   • Containment Actions – Steps already taken to stop the breach (e.g. access revoked, system patched).
5. Click Save.
6. Assess whether the breach is likely to result in a risk to individuals' rights and freedoms. If yes, you must notify the ICO within 72 hours.
7. Update the breach record with the outcome of your ICO notification and any communications sent to affected individuals.

Do I need to notify individuals?

If the breach is likely to result in a high risk to individuals (e.g. financial loss, discrimination, identity theft), you must also notify the affected data subjects directly without undue delay (GDPR Article 34).

Important

• Even if you decide not to report to the ICO, you must document your reasoning in the breach record.
• All breach records are stored securely and appear in your compliance audit trail.
• Contact your Data Protection Officer (DPO) immediately if you are unsure whether a breach needs to be reported.