Report a data breach
If you suspect that a breach of the General Data Protection Regulations has or may have occurred, you should immediately contact the ISM Data Protection team by email at This email address is being protected from spambots. You need JavaScript enabled to view it.
You should provide as much information as possible, including:
- what information is involved, to whom it pertains and the number of individuals’ data involved
- what happened to it - lost, stolen, or inadvertently disclosed
- how the breach may have happened
- actions taken so far.
Data protection breaches include the accidental loss of data. This could involve a lost laptop or mobile phone with personal data stored on it or lost hard copies of files.
Even the loss or accidental disclosure of data relating to just one person can be of serious concern, particularly if it includes sensitive data such as health information, and should be reported immediately.
Any member of staff who realises that they have caused personal data to be lost or inadvertently disclosed must report the matter. Even if you have not been directly involved in the loss or disclosure, you are obliged to report the matter immediately.