In certain situations, if your organisation has suffered a personal data breach, the Law requires this to be reported to us. This is an important tool for both the regulated community and the ODPA. Organisations need to ensure they have robust processes in place to respond to data breaches and the ODPA will use the information to support awareness and compliance campaigns.
Before completing the form, please consider reading our guidance.
When you report a personal data breach to the ODPA, we will collect your personal data, as well as that of the Data Protection Officer of the controller (where applicable). The ODPA requests that names of other people, such as those whose data was compromised, are not provided as part of this process. If such information is required, the ODPA will request it from you following receipt of this form. The ODPA will be in contact once the breach report has been reviewed or if more information is required.
Purposes and legal basis
All personal data collected during the completion of this form, and any subsequent communications relating to the personal data breach, is processed for the purposes of recording, assessing, decision making, and, where necessary taking regulatory action, in respect of personal data breaches.
The legal basis relied upon by the ODPA to process this personal data is under paragraph 8 (to exercise any right or power, or perform or comply with any duty, conferred or imposed on the controller by an enactment) of Schedule 2, Part II of the Law.
For further information on how personal data is processed by the ODPA, please see our data processing notice.