Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Notifying individuals

You have procedures to notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms.

Ways to meet our expectations:

  • You have a procedure setting out how you will tell affected individuals about a breach when it is likely to result in a high risk to their rights and freedoms.
  • You tell individuals about personal data breaches in clear, plain language without undue delay
  • The information you provide to individuals includes the DPO’s details, a description of the likely consequences of the breach and the measures taken (including mitigating actions and any possible adverse effects).
  • You provide individuals with advice to protect themselves from any effects of the breach.

Can you answer yes to the following questions?

  • Would individuals say that they were told about personal data breaches in a helpful and timely way?
  • Did they get the information they needed?
  • Were they satisfied with the steps you took to mitigate the impact?