Personal Data Breach Notification Procedure

1. Scope
This applies in the event of a personal data breach under Article 33 of the GDPR and Article 34. The GDPR draws a distinction between a “data controller” and a “data processor” in order to recognise that not all organisations have the same degree of responsibility.

2. Responsibilities
2.1 All users – staff and third party users, and owners of We Dig Media are required to be aware of, and to follow this procedure in the event of a
personal data breach.
2.2 All users should report any breach to the owners of We Dig Media.

3. Procedure
3.1 We Dig Media will report any personal data breach or security incident to all relevant data controllers on our books within 72 hours of knowing about the breach.
3.2 A breach notification will be made by email.
3.3 A confirmation of the receipt of this information will be made by email.
3.4 No data collected conventionally should result in a high risk to the rights and freedoms of the data subject, a risk analysis will be done of each new client and their requirements, which will result in an assessment of procedures.

This policy was approved by the Board of Directors on 5/12/2017 and is issued on a version controlled basis under the signature of the Directors.