Personal Data Breach Policy

Effective Date: 18/09/2024

Last Reviewed Date: 18/09/2024

  1. Purpose: How Data Breaches Are Managed

At Jedi Sales Consultants Ltd, we take data protection and privacy seriously, even though we do not directly hold or process personal data. As part of our compliance commitment, we are registered with the Information Commissioner’s Office (ICO) at Tier 1.

This policy outlines the steps we take to identify, report, contain, and evaluate data breaches that may occur within the scope of our advisory services or in collaboration with clients. While Jedi Sales Consultants Ltd does not act as a data controller or processor, we assist clients in managing data security risks and responding effectively to breaches.

 

  2. Identification: How to Recognize a Data Breach

A data breach occurs when personal or sensitive information is:

  • Lost: Misplaced or no longer accessible.
  • Stolen: Accessed without authorization through cyberattacks, phishing, or physical theft.
  • Disclosed: Shared with unauthorized individuals.
  • Altered: Modified without permission.
  • Destroyed: Lost due to accidents, malicious activities, or technical failures.

Even though we do not store personal data, breaches may arise during client interactions or within our advisory role. Our staff are trained to identify potential security risks, unusual system activity, and vulnerabilities that could impact clients.

 

  3. Reporting: How and When to Report a Data Breach

If a breach is suspected or identified, it must be reported immediately to Jedi Sales Consultants Ltd’s designated supervisor.

Reporting Process:

  1. Internal Notification: Any employee who becomes aware of a breach must report it immediately.
  2. Reporting Timeline: Breaches should be reported within 24 hours of identification.
  3. Client Notification: If the breach affects a client’s data or systems, Jedi Sales will notify them promptly and provide advisory support.
  4. Regulatory Compliance: Clients remain responsible for reporting breaches under GDPR. Jedi Sales will support their compliance efforts where necessary.

While Jedi Sales does not process personal data, we play an advisory role in ensuring our clients are informed of risks and obligations under UK data protection laws.

 

  4. Containment and Recovery: Steps to Control and Recover from a Breach

Once a breach has been reported, Jedi Sales Consultants Ltd follows these steps:

Assess the Scope: The supervisor will evaluate the extent of the breach and determine whether client data is affected.

Containment: If security vulnerabilities exist (e.g., unauthorized access to accounts), immediate measures will be taken, such as:

  • Resetting passwords.
  • Revoking access credentials.
  • Suspending compromised services.

Client Collaboration: If the breach impacts a client, Jedi Sales will provide recommendations on mitigation strategies, securing compromised systems, and data recovery.

Documentation: All breaches, response actions, and client communications will be recorded for internal review and compliance.

 

  5. Notification: Informing Affected Individuals and Authorities

Since Jedi Sales Consultants Ltd does not store personal data, clients hold the responsibility for regulatory reporting. Under GDPR, notification obligations include:

  • ICO Notification: If the breach poses a risk to individuals’ rights and freedoms, the client must notify the ICO within 72 hours of awareness. Jedi Sales will support the client by providing details of the breach and corrective actions taken.
  • Affected Individuals: If the breach poses a high risk to individuals (e.g., identity theft, financial fraud), the client must notify them without undue delay.
  • Advisory Support: Jedi Sales will assist clients in determining when and how to issue notifications, ensuring compliance with UK data protection laws.

 

  6. Review and Evaluation: Learning from the Breach

Once containment and resolution are complete, Jedi Sales Consultants Ltd conducts a full review to assess:

  1. Root Cause Analysis: Identifying the origin of the breach and potential prevention strategies.
  2. Response Effectiveness: Evaluating response times, decision-making processes, and containment measures.
  3. Client Feedback: Gathering input from clients on the adequacy of our support.
  4. Process Improvement: Updating internal procedures and recommending security enhancements for clients.

All findings will be documented, and lessons learned will be integrated into staff training and future risk management practices.

 

  7. Contact Information

For any inquiries related to this policy or assistance in data breach management, please contact:

Jedi Sales Consultants Ltd

Email: office@jedisales.co.uk

Phone: 07887 666655

Address: Wessex House, Eastleigh, Hampshire, SO50 9FD

For queries related to personal data breaches, please contact the relevant client directly, as they are responsible for data collection and protection.

 

  8. Policy Approval

Signed by: Nathan Ottaway

Role: Owner

Date: 18/09/2024