Data Breach Report Form (GDPR-Compliant)
This Data Breach Report Form is designed for internal use within your
business and should be used by staff to report suspected or actual data
breaches in accordance with a Data Breach Policy.
A data breach (which may or may not involve personal data) can take many
forms. It may, for example, involve the loss or theft of data, the
unauthorised access to, use of, or modification of data, or something
apparently less direct such as equipment damage, human error, or the loss
or theft of equipment.
Staff are instructed to complete the form and to send it to the appropriate
individual or department (this should be your Data Protection Officer if
you have one). Staff are also reminded that once the form is submitted,
they should not attempt to resolve the matter themselves and should
certainly not notify the Information Commissioner’s Office or any affected
data subjects. Such decisions will generally be – as the saying goes –
above their pay grade.
This form can optionally be sent anonymously. If you wish to allow
anonymous reporting, it is important to have a mechanism in place for doing
so that doesn’t result in the sender being identified indirectly.
The Data Breach Report Form asks for key details of the breach including
the date and time it occurred, the date and time it was discovered, the
types of data (and, where personal data is involved, data subject)
involved, how much data is involved, and what caused the breach.
Many members of staff will not be data protection experts, but they should
be trained to spot a breach and encouraged to provide as much information
as they can in these circumstances. Awareness of your Data Protection
Policy and Data Breach Policy is therefore important.
Upon receipt of this form, the steps set out in your Data Breach Policy
should be followed in order to contain, manage, investigate, notify, and
respond to the breach.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Data Breach Report Form is in open format. Either enter the requisite
details in the highlighted fields or adjust the wording to suit your
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.