Scroll Top

Data breach reporting process

If you know or are unsure if a data breach has occurred, you must inform dataprotectionofficer@north-ayrshire.gov.uk immediately.

Why? As an organisation, the Data Protection Officer (DPO) only has 72 hours from the organisation being aware of the incident, to assess if the incident is reportable to the Information Commissioner’s Officer (ICO – the data protection governing body).

What if you are unsure if it is a breach or not? The DPO can still report advising we are unsure if it meets the criteria of a breach until we do further investigation.  A follow up report can then be submitted with the final outcome.

Why report if we are unsure, why not wait until we know? To ensure that we comply with the UK Data Protection Regulation (UK GDPR) we have a legislative obligation for the DPO to assess and report within 72 hours. If we report too late, this can result in action being taken against the Council by the ICO.

How to report a data breach icon with blue background and North Ayrshire Council logo
How to report a breach/incident

You should use the online data breach reporting form on Connects. Where there is a significant breach, an email should be sent to the dataprotectionofficer@north-ayrshire.gov.uk shared mailbox to highlight the significance. If you require any further assistance, please do not hesitate to contact the Data Protection Team shared mailbox.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.