Data Breach Response Readiness Check
Check whether your business is ready to respond to a personal data breach within the legal timeframe.
Why this matters
Under UK GDPR, a personal data breach that’s likely to result in a risk to people’s rights and freedoms must be reported to the ICO within 72 hours of the organisation becoming aware of it. If the breach is likely to result in a high risk, affected individuals must also be told without undue delay. Many businesses only think about breach response after something has gone wrong — by which point the 72-hour clock is already running and there’s no plan in place.
Common breaches for small businesses include sending an email to the wrong recipient with personal data attached, a lost or stolen laptop or phone containing customer data, a phishing attack that compromises a system holding personal data, or a misconfigured cloud storage folder. Having a simple, written breach response plan — who to notify internally, how to assess severity, and templates for ICO and customer notifications — turns a stressful, time-pressured situation into a manageable process.
What you'll need
- Knowledge of where your business stores personal data
- Your current incident response process, if any
- Who in your business would need to be told if a breach happened
What you'll get
A personalised compliance report covering: a score out of 100, an executive summary, a list of findings ranked by severity, and a prioritised action plan with timeframes.
This check assesses your readiness to respond to a data breach within the legal timeframe and highlights gaps in your plan, records and processes.
General guidance only — not legal advice. Consult a qualified UK solicitor for specific issues.