This policy outlines our commitment to you regarding the reporting of a data breach. We will comply with the guidelines laid out in the General Data Protection Regulation (GDPR) at all times.
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
Your the Boss will report any personal data breach to the Information Commissioner's Office (ICO) where it is likely to result in a risk to the rights and freedoms of individuals.
If unaddressed, such a breach is likely to have a significant detrimental effect on individuals – for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
This has to be assessed on a case-by-case basis.
If any breach is likely to result in a high risk to people’s rights and freedoms, Your the Boss will, in addition to reporting the data breach to the ICO, also report the breach to the individuals who have been affected. High-risk situations include the potential for people to suffer a significant detrimental effect – for example, discrimination, damage to reputation, financial loss, or any other significant economic or social disadvantage.
Your the Boss will report any personal data breach that affects people’s rights and freedoms, without undue delay and, where feasible, not later than 72 hours after having become aware of it.
If the breach is sufficiently serious to warrant notification to the public, the organisation responsible must do so without undue delay.
Your the Boss will use either the telephone reporting service or web reporting form provided by the ICO.
Where Your the Boss doesn’t have all the details available, we will provide additional information as soon as it becomes available.