A letter to be sent by a data controller to notify affected data subjects of a personal data security breach under the Data Protection Act 1998 (non-PECR).
Note: With effect from 9 February 2018, this resource is no longer being maintained. From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR) replaced the current regime established by the Data Protection Act 1998. It is supplemented by the Data Protection Act 2018. For legal developments between 9 February 2018 and 24 May 2018, please refer to the legal updates on the topic pages for this resource: see Data security.