Oes angen i fi adrodd tor?
If you are unsure whether your organisation needs to report a breach to the ICO, use our self-assessment tool or darllen ein enghreifftiau.
Mae gennyn nicanllaw syml to help small companies and sole traders in the first 72 hours after discovering a breach.
PMae hefyd gennyn nicanllaw manwlam sut i rheolibreach, including risk assessments and informing individuals.
Sut ydw i'n adrodd ynghylch tor?
You can report a breach online. The online form should take approximately 30 minutes to complete. Please ensure you have all the details regarding the breach ready before you start – you can't save the form and return at a later date.
Cymraeg
Fersiwn beta o'r ffurflen we ar gyfer rhoi gwybod am dor data personol sydd ar gael ar hyn o bryd a hynny mewn Saesneg yn unig. Rydyn ni wrthi’n gweithio ar fersiwn Cymraeg fel rhan o'r gwaith datblygu. Am y tro, os hoffech gyflwyno adroddiad tor data personol yn Gymraeg, defnyddiwch y ffurflen sydd ar gael i’w lawrlwytho isod.
Fersiwn beta o'r ffurflen we ar gyfer rhoi gwybod am dor data personol sydd ar gael ar hyn o bryd a hynny mewn Saesneg yn unig. Rydyn ni wrthi’n gweithio ar fersiwn Cymraeg fel rhan o'r gwaith datblygu. Am y tro, os hoffech gyflwyno adroddiad tor data personol yn Gymraeg, defnyddiwch y ffurflen sydd ar gael i’w lawrlwytho isod.
Gallwch hefyd rhoi gwybod gan gwblhau ein ffurflen gallwch lawrlwytho
Completing a downloadable form / Llenwi ffurflen y gellir ei lawrlwytho
If you have experienced a data breach and need to report it but you’re confident you can manage it without support from the ICO, you may prefer to report it online. You may also want to report a breach online if you are still investigating and will be able to provide more information at a later date.
The online form can also be used to report breaches outside our normal opening hours.
If you are reporting online please make sure you include the telephone number of someone familiar with the breach, in case we need to follow up with you about any of the information provided.
Ffurflen hysbysu toriad diogelwch data (Cliciwch dde ar y ddolen a dewiswch 'Save Link As' neu 'Save Target As' i lawrwytho'r ffurflen cyn cychwyn.)
We have also created a guide to help you complete the personal data breach reporting form. Right click on the link and select 'Save Link As' or 'Save Target as' to download the guide.
Pa gwybodaeth fe fyddwn i angen darparu
Byddwn yn gofyn cwestiynau i chi ynghylch:
- beth sydd wedi digwydd;
- pan a sut oeddech yn ffeindio allan am y tor;
- y pobl oedd yn cael eu effeithio gan y tor;
- beth chi'n gwneud fel canlyniad o'r tor; a
- pwy dylen ni cysylltu gyda os rydyn ni'n angen mwy o wybodaeth a phwy arall yr ydych chi wedi dweud i.
You should ensure the information provided is accurate and supply us with as much detail as possible. We'll send you a copy of the information you give us.
Beth sy'n nesaf?
When reporting a breach, you should give as much detail as possible and be as accurate as you can. We will use the information you provide to decide what should happen next.
Efallai byddwn yn ddefnyddio i gymryd gweithrediad rheoleiddiol, neu i adnabodtueddiadau digwyddiadau diogelwch data.
Where appropriate, we may share it with law and cybercrime agencies or other regulators. We may also share information with other regulators, such as the Financial Conduct Authority. Where an incident is relevant to another country, we may also share the information with appropriate regulatory representatives in that country. Let us know if you’d like more information about this.
Digwyddiadau seibr
Unless you can’t access your system, you should report cyber incidents online.
Where a significant cyber incident occurs, you may also need to report this to the National Cyber Security Centre (the NCSC). To help you decide, you should read the Arweiniad y NCSC about their role and the type of incidents that you should consider reporting.
Incidents that are not considered significant and those that might lead to a heightened risk of individuals being affected by fraud, should be reported to 'Action Fraud' – the UK’s national fraud and cybercrime reporting centre. If your organisation is in Scotland, then reports should be made to Heddlu Yr Alban.
Where appropriate, the ICO may liaise with the above organisations in relation to the incidents reported to us. However, it is your responsibility to ensure all relevant authorities are made aware of an incident.