GDPR Data Breach Policy
Mr Buff Detailing will appoint a person responsible for keeping the data breach register up to date and be responsible for all aspects of overseeing the company is compliant for any data breaches within the GDPR regulations.
When a data breach has occurred, the ICO suggests the need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk, then we will notify the ICO; if it’s unlikely then we won’t report it.
In any case each breach will be assessed, and the decision agreed will be justified and documented in a register. Assessments will be considered in line with advice from the ICO website.
Reporting time limits
Any applicable data breaches will be reported to the ICO within 72 hours where possible and to the affected individual (s) without delay.