This document sets out Node4's policy on the identification and notification of Personal Data Security Breaches to ensure compliance with applicable Data Protection Laws. Node4 Limited shall act with integrity and in compliance with the applicable law and regulations for the reporting of Data Breaches.
Under applicable Data Protection Laws, organisations have a duty to report certain types of Personal Data Breaches to the ICO and in some cases to the individuals affected; notifiable breaches must be reported within 72 hours of being identified by the organisation. The UK GDPR recognises that it will often be impossible to investigate a breach fully within that time-period and allows information to be provided in phases.
This policy relates to all formats of personal and sensitive data held by Node4 and applies to all employees, including temporary, casual or agency staff and contractors, consultants, suppliers and data processors working for, or on behalf of Node4. The objective of this Policy is to contain breaches, minimise the associated risk and consider appropriate action to secure personal data and prevent future breaches.
