Switcheroo.co.uk Data Breach Notification Policy

1. Purpose

This policy establishes the guidelines for the detection, reporting, and response to data breaches involving personal and sensitive information held by Switcheroo.co.uk, ensuring compliance with applicable laws and regulations.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of Switcheroo.co.uk who have access to personal and sensitive data.

3. Definitions

Data Breach: Any unauthorized access, disclosure, alteration, loss, or destruction of personal or sensitive data.
Personal Data: Any information relating to an identifiable person.
Sensitive Data: Special categories of personal data requiring higher levels of protection.

4. Roles and Responsibilities

Data Protection Officer (DPO): Oversees data protection strategy and implementation.
IT Security Team: Responsible for maintaining secure systems, detecting breaches, and implementing corrective measures.
All Employees: Required to report any suspected data breaches immediately.

5. Breach Detection

Proactive measures will be employed to detect data breaches, including but not limited to:

Regular system audits.
Intrusion detection systems.
Employee training and awareness programs.

6. Reporting a Breach

In the event of a data breach or suspected breach, the incident must be reported immediately to the DPO and IT Security Team.

7. Breach Assessment

Upon notification of a breach, the IT Security Team will:

Conduct an initial assessment.
Determine the scope and impact of the breach.
Notify the DPO and senior management.

8. Notification Procedures

In the case of a significant breach, the following notification procedures will be enacted:

Regulatory Notification: Inform relevant authorities in accordance with GDPR or other applicable regulations within 72 hours of the breach discovery.
Individual Notification: Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.

9. Documentation and Record Keeping

All data breaches will be documented, detailing:

The nature of the personal data involved.
The likely consequences of the breach.
The measures taken or proposed to address the breach.

10. Review and Evaluation

This policy and its procedures will be reviewed annually or after a significant breach to ensure effectiveness and compliance with evolving data protection regulations.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.