Purpose

The purpose of this policy is to provide the Company's intent, objectives, and procedures regarding data breaches involving personal information. As we have obligations under the [UK GDPR and/or PECR], we also have a requirement to ensure that adequate procedures, controls, and measures are in place and are disseminated to all employees; ensuring that they are aware of the protocols and reporting lines for personal information data breaches. This policy details our processes for reporting, communicating, and investigating such breaches and incidents.