A letter to be sent by a data controller to notify the Information Commissioner of a serious breach of personal data security under the Data Protection Act 1998 (non-PECR).
Note: With effect from 9 February 2018, this resource is no longer being maintained. From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR) replaced the current regime established by the Data Protection Act 1998. It is supplemented by the Data Protection Act 2018. For legal developments between 22 August 2017 and 24 May 2018, please refer to the legal updates on the topic pages for this resource: Data Protection Bill 2017-19 legislation tracker).