Back to Services

Data Breach Response

When a breach occurs, you have 72 hours to notify the ICO. We make those 72 hours count.

Engagement model

Triage → Contain → Notify → Remediate

72-hour response capability

Tell me what's broken

The Problem

A data breach is not a question of “if” but “when.” UK GDPR Articles 33–34 require ICO notification within 72 hours for breaches likely to result in risk to individuals. Most businesses discover they have no plan at the moment they need one most.

What I Deliver

01

Breach Triage (Emergency — 4-Hour Response)

4 hours from engagement

Immediate breach severity classification and containment guidance.

  • Severity classification (Critical/High/Medium/Low)
  • Containment guidance specific to breach type
  • Risk scoring using 4-factor matrix (sensitivity × volume × accessibility × harm)
  • ICO notification decision (do you need to report?)
  • Triage report with severity classification and recommended actions
02

Breach Management

48 hours (within 72-hour deadline)

Everything in Tier 1, plus ICO notification and individual communications.

  • ICO notification form completion and filing support
  • Individual notification letter drafting (if required)
  • Breach log entry creation
  • Evidence preservation guidance
  • ICO notification ready to submit + individual notification letters
03

Post-Breach Investigation and Remediation

2–4 weeks post-breach

Everything in Tiers 1 and 2, plus root cause analysis and remediation.

  • Root cause analysis
  • Contributing factors assessment
  • Remediation plan with timelines and ownership
  • Post-incident review report
  • Staff training recommendations
  • Policy updates
  • ICO follow-up correspondence

My Authority

This service is built on:

  • 6 ICO breach notification guidance documents
  • UK GDPR Articles 33–34 (breach notification and communication)
  • 745-line Data Breach Response Plan with decision trees
  • Severity classification system with response time standards
  • Risk scoring matrix
  • ICO notification checklist
  • Special scenario playbooks: ransomware, malicious insider, third-party breach, lost documents, stolen devices

Interested in this service?

Describe the problem. I'll scope a solution and explain exactly what you'll get.

72-hour response capability

Email hello@anomalyops.com

AnomalyOps provides information and compliance operations support, not legal advice. We are not a law firm and are not regulated by the Solicitors Regulation Authority. For legal advice, we recommend consulting a qualified solicitor.