DATA BREACH POLICY
DATA BREACH POLICY
At Infinity Keepsakes we understand that EU citizens have certain rights in respect of their personal data and we need to have a process in place to deal with data breaches should they occur under the GDPR regulations.
Infinity Keepsakes will appoint a person responsible for keeping the data breach register up to date and be responsible for all aspects of overseeing the company is compliant for any data breaches within the GDPR regulations.
When a data breach has occurred, the ICO suggests the need to establish the likelihood and severity of the resulting risk to people’s rights and freedoms. If it’s likely that there will be a risk then we will notify the ICO; if it’s unlikely then we won’t report it.
In any case each breach will be assessed and the decision agreed will be justified and documented in a register. Assessments will be considered in line with advice from the ICO website.
Reporting time limits
Any applicable data breaches will be reported to the ICO within 72 hours where possible and to the affected individual (s) without delay.
Updated August 2019