Data breach notification form

Appendix 1 - form to be submitted to notify the NHSCFA of a data breach

Time/Date of breach incident:

Name & contact details of reporter

[for further incident information if required]

Nature of breach:

[include categories, approximate numbers of data subjects & approx. number of personal records concerned e.g. patients/service users; whether breach included health, antecedent or other sensitive info

Is breach likely to result in risks to freedoms of the data subject(s)?


No further action, file and retain report for audit/send DPO copy.


Complete additional information below and submit to Data Protection Officer within 36hrs of incident notification

Name and contact details of Information Asset Owner
Detail likely consequences of breach

Details measures taken to address the breach:

[include appropriate remedial measures taken to mitigate potential adverse effects)

If breach considered “high risk” detail reasonable options to notify data subject
Estimated recovery period
Time & Date submitted to the Data Protection Officer

[must be submitted within 36hrs of notification]

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!