Report a Data Breach
Report a personal data breach to our Data Protection Officer. Report immediately — some breaches must be reported to the ICO within 72 hours.
What counts as a data breach?
A personal data breach can include loss, theft, accidental disclosure, unauthorised access, alteration or deletion of personal information. It is not limited to cyber-attacks — it can include emails sent to the wrong person, lost paperwork, misplaced devices, or information being accessed by someone who should not see it.
What should you do?
- Contain the breach if it is safe to do so — recall an email, retrieve documents, or secure the device or record.
- Do not ignore it or try to deal with it alone.
- Report it to the DPO immediately. Some breaches must be reported to the ICO within 72 hours.
- Preserve the facts — keep emails, screenshots, envelopes, logs or notes.
- Do not contact affected individuals unless instructed — the risk must be assessed first.
Report suspected breaches immediately — even if you are unsure whether it is a breach.
Breach Report Form
Complete this form with as much detail as possible. For urgent situations, please phone the DPO first.