Breach Reporting

Self Reporting form

This form is to be used when data controllers wish to report a personal data breach of the Data Protection (Jersey) Law 2018 to the Office of the Information Commissioner (OIC). It should not take more than 15 minutes to complete.

If you are unsure as to whether it is appropriate to report an incident, you should read the following guidance before completing the form: Notification of personal data breaches to the OIC.

Please provide as much information as possible and ensure that all fields are completed. If you don’t know the answer, or you are waiting on further information pending the completion of an internal investigation, please set that out in your response.

In the wake of a personal data breach, swift containment and recovery of the situation is vital. Every effort should be taken to minimise the potential impact on affected data subjects, and details of the steps taken to achieve this should be included in this form.

If you need any help in completing this form, please contact the office on +44(0)1534 716530 (operates 8.30am to 5pm Monday to Friday).

Guidance on Breach Reporting

Breach-related enquiries can also be made via email to breach@oicjersey.org

Notification of personal Data Breach

Fields marked with a * are required

Section 1 - Contact details

No Yes

Section 2 - Initial/follow-up notification and jurisdiction

First Second
No Yes
No Yes
No Yes

Section 3 - Initial information on the breach

A. INFORMATION ABOUT THE BREACH

B. INFORMATION ABOUT THE DATA

C. CONTAINMENT AND RECOVERY

Section 4 - Follow up information on the personal data breach

Declaration

  • I have included all the necessary supporting evidence with my breach report
  • I understand that the Commissioner may need to share the information I have provided to fulfil their regulatory functions so they can look into my breach report.
  • The information I have provided is accurate to the best of my knowledge.
  • I understand that the Commissioner will electronically store the information relating to my breach report, including the documents I have provided, and keep those records for 10 years following the conclusion of the enquiry.