Report a Breach

In certain situations, if your organisation has suffered a personal data breach, the Law requires this to be reported to us. This is an important tool for both the regulated community and the ODPA. Organisations need to ensure they have robust processes in place to respond to data breaches and the ODPA will use the information to support awareness and compliance campaigns.

Before completing the below form, please consider reading our guidance.

When you report a personal data breach to the ODPA, we will collect your personal data, as well as that of the Data Protection Officer of the controller (where applicable). The ODPA requests that names of other people, such as those whose data was compromised, are not provided as part of this process. If such information is required, the ODPA will request it from you following receipt of this form. The ODPA will be in contact once the breach report has been reviewed or if more information is required. 

Purposes and legal basis 
All personal data collected during the completion of this form, and any subsequent communications relating to the personal data breach, is processed for the purposes of recording, assessing, decision making, and, where necessary taking regulatory action, in respect of personal data breaches. 
The legal basis relied upon by the ODPA to process this personal data is under paragraph 8 (to exercise any right or power, or perform or comply with any duty, conferred or imposed on the controller by an enactment) of Schedule 2, Part II of the Law. 
For further information on how personal data is processed by the ODPA, please see our data processing notice

Notification of Personal Data Breach

If you have already raised a breach and need to provide ODPA with additional information

Please email the following address

In order to identify your case, please provide:

  • Organisation Name
  • Contact Email Address
  • Previous date of breach
  • Case Reference Number (if you do not have a case number, please wait for the initial communication for emailing ODPA)
  1. 1Controller Affected
  2. 2Jurisdiction
  3. 3Categorisation
  4. 4Breach Details
  5. 5About You

Controller Affected

Data Protection Officer (DPO)


DPO Contact Details