- Our legal responsibilities to assess and act on all incidents with urgency
- Our legal responsibilities to report to the ICO and the affected data subject(s) where that is relevant and required
- Implementing steps of mitigation as soon as possible to prevent or limit further impact
- Conducting a full investigation into the cause(s) and, wherever possible, introducing remedial measures
- Maintaining a record of incidents
We have conducted thorough staff training for all employees covering incident prevention, detection and response. We also have an extensive internal policy governing incident response which is regularly reviewed.