Wraysbury & Horton Resilience – Supporting the community

Data Breach Protocol

Date adopted: 17th August 2025

Review date: August 2026


Wraysbury & Horton Resilience – Vulnerable Residents Database

This protocol outlines the steps to follow in the event of a personal data breach involving the community database of vulnerable residents.

1. Immediate Actions

  • Secure the system: stop the breach if possible (e.g. disconnect a device, disable access).
  • Preserve evidence: do not delete logs, emails, or relevant files.
  • Notify the Data Protection Lead (or the Safeguarding Officer in their absence) immediately.

2. Assess the Breach

Determine the scope and potential impact of the breach:

  • What type of data was involved?
  • How many individuals were affected?
  • Was the data accessed, stolen, deleted, or shared?
  • Does the breach involve sensitive categories (e.g. medical or vulnerability information)?

3. Notify the ICO

If the breach is likely to pose a risk to the rights and freedoms of individuals, notify the Information Commissioner’s Office (ICO) within 72 hours:

Report online at: https://ico.org.uk/for-organisations/report-a-breach/

4. Notify Affected Residents

If the breach poses a high risk to residents (e.g. exposure of vulnerability, personal safety risk), contact those affected as soon as possible:

  • Explain what happened and what data was affected.
  • Describe what actions have been taken.
  • Provide a named contact person for support – Data Protection Lead, Safeguarding Officer.
  • Advise residents to be vigilant for scams or suspicious activity.

5. Offer Support

Support should include reassurance and a clear contact point for further questions or concerns.

  • Data Protection Lead, Safeguarding Officer.

6. Internal Review

  • Conduct an internal investigation into the cause and circumstances.
  • Identify failures in procedure or controls.
  • Implement corrective actions and retraining where needed.
  • Document all steps and decisions taken.

7. Breach Report Template

Each breach should be documented using a standard format including:

  • Date and time of breach
  • Description of breach
  • Who was affected and how many individuals
  • Actions taken and notifications issued
  • Lessons learned and follow-up actions

Appendix A

Roles and Responsibilities

Constitutional Roles | Representative
Data Protection Lead | Simon Carter
Safeguarding Officer | Dianne Cranmer