SafeWeb

Do I need to inform my customers?

The ICO requires prompt action to be taken following data breaches that pose a risk to individuals.

Firstly, you need to decide if a breach poses a significant risk to the rights and freedoms of individuals. If so, the UK GDPR mandates direct and prompt notification to the affected parties. This notification should occur without unnecessary delay, essentially emphasising the need for immediate action.

One of the primary purposes of informing affected individuals is to empower them to take measures to safeguard themselves from the repercussions of a breach.

While this may sound straightforward, there are many variables involved in GDPR breaches, and without experience, decision-making can be tricky. If you decide not to inform your customers of a breach, you should clearly document your reasoning to demonstrate due process.


Last updated 1 year ago