GDPR

Data Breach Response: 72-Hour ICO Notification Support

Expert data breach response when it matters most. We assess the breach, determine notification obligations, prepare ICO notifications within 72 hours, advise on individual notification and guide remediation — turning a crisis into a controlled, compliant response.

72hr: ICO notification window
Art 33: Breach notification obligation
Art 34: Individual notification
24/7: Breach support for DPO clients
Breach Response

When a Data Breach Happens

A workplace risk assessment is a systematic examination of your work activities, premises and processes to identify what could cause harm to people — and whether you're doing enough to prevent it. Under the Management of Health and Safety at Work Regulations 1999 (MHSWR), every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of their employees and anyone else who may be affected by their work activities.

If you have five or more employees, the significant findings of your risk assessment must be recorded in writing. But regardless of your size, risk assessment is the foundation of every health and safety management system — without it, you're managing safety blind.

RADCaT's qualified health and safety consultants carry out thorough, practical workplace risk assessments for businesses of every size and sector across the UK. We don't produce generic templates — we visit your premises, walk your processes, talk to your team and produce site-specific, task-specific assessments that genuinely reflect your operations and give you a clear, prioritised action plan for improvement.

Whether you need a general workplace risk assessment for your office, a task-specific assessment for high-risk activities in a factory, a site-wide review for a multi-building campus, or a pre-project risk assessment for a construction site — RADCaT delivers expert, HSE-compliant assessments tailored to your industry and your operations.

The 72-hour clock starts when you become aware of the breach — not when you've finished investigating. Every hour of delay without assessment is an hour closer to the deadline. RADCaT provides immediate expert guidance to ensure your response is timely and compliant.

Breach Response from RADCaT
Types of Risk Assessment

Breach Response Services

From first alert to post-breach review.

Breach Assessment

Immediate assessment of the breach — what happened, what data is affected, how many individuals, what's the risk level. Determination of whether ICO notification is required.

72-Hour ICO Notification

Preparation and submission of the ICO breach notification within the statutory 72-hour window. Complete, accurate reporting that satisfies Article 33 requirements.

Individual Notification

Where Article 34 applies, we draft clear, compliant notifications to affected individuals — explaining what happened, what data was affected, what you're doing about it and what they should do.

Containment Advice

Immediate guidance on containing the breach — revoking access, isolating systems, recovering data, preserving evidence and preventing further exposure.

Remediation Planning

Recommendations for preventing recurrence — technical improvements, process changes, training needs, policy updates and monitoring enhancements.

Post-Breach Review

Comprehensive post-incident review documenting timeline, root cause, response actions, lessons learned and improvement recommendations. Essential documentation for your breach register.

Our Process

How We Carry Out a Risk Assessment

1. Alert & Assessment

You contact us immediately when a breach is suspected. We assess the nature, scope and severity of the breach and determine notification obligations.

2. Containment

We advise on immediate containment actions to limit the impact of the breach and prevent further data exposure.

3. ICO Notification

Where required, we prepare and submit the ICO notification within 72 hours. Accurate, complete reporting that demonstrates your compliance.

4. Individual Notification

Where high risk to individuals exists, we draft and help you issue notifications to affected persons with clear, practical guidance.

5. Review & Remediation

Post-breach review identifying root cause, lessons learned and recommended improvements. Documented for your breach register and accountability records.

Common Questions

Breach Response FAQ

Do all breaches need reporting to the ICO?

No. Only breaches likely to result in a risk to individuals' rights and freedoms. A misdirected email containing sensitive medical data — yes. An employee accidentally accessing a colleague's basic contact details — probably not. RADCaT assesses each breach against the ICO's risk threshold.

What is the 72-hour rule?

Article 33 requires ICO notification within 72 hours of becoming aware of a reportable breach. "Becoming aware" means when you have a reasonable degree of certainty a breach has occurred — not when you've completed a full investigation.

What happens if we miss the 72-hour deadline?

You must still notify and explain the delay. The ICO considers late notification as an aggravating factor. Having a clear breach procedure and expert support means you're much less likely to miss the deadline.

Do we need to tell affected individuals?

Under Article 34, yes — if the breach is likely to result in a HIGH risk to their rights and freedoms. Not all ICO-reportable breaches require individual notification. RADCaT assesses the risk level and advises accordingly.

Is breach support included in DPO services?

Yes. For RADCaT DPO clients, breach response support is included in the annual retainer at no additional cost. For non-DPO clients, we provide breach consultancy on a rapid-response basis.

What should we do right now if we have a breach?

Document what you know. Contain the breach if possible. Do not delete evidence. Contact RADCaT immediately. Do not attempt to complete a full investigation before seeking advice — the 72-hour clock is running.

How much does breach response cost?

For DPO clients: included in retainer. For other organisations: rapid-response consultancy priced based on breach complexity. Contact us immediately — time is critical.

Experiencing a Data Breach?

Contact us immediately. The 72-hour clock is running.