Data Breach Response Plan

Version: 22/08/23

  1. Introduction

This Data Breach Response Plan outlines the steps Live Like Loyalty will take in the event of a data breach to mitigate the impact on affected individuals and comply with data protection regulations.

  2. Data Protection Officer (DPO) Contact

– In case of a data breach, the designated Data Protection Officer (if applicable) should be immediately notified. Contact information:

– Vicky Denby, CEO

– Phone: +44 (0) 1522 412151

– Email: vicky@livelikeloyalty.com

  3. Immediate Response

– Upon discovering a data breach, the individual who identifies the breach should take immediate action to limit its scope and potential damage.

– If applicable, disconnect affected systems from the network to prevent further unauthorised access.

– Preserve any evidence related to the breach for investigation and reporting purposes.

  4. Assessment and Containment

– The incident response team will assess the nature and scope of the breach.

– Determine the cause of the breach and take necessary measures to contain and mitigate its impact.

  5. Notification and Reporting

– If the breach is likely to result in a risk to the rights and freedoms of individuals, notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.

– Document and report all relevant information about the breach to the ICO, including its nature, scope, potential impact, and the actions taken to mitigate it.

  6. Communication with Affected Individuals

– If the breach is likely to result in high risk to the rights and freedoms of individuals, communicate the breach to affected individuals without undue delay.

– Provide clear and accurate information about the breach, its potential impact, and the steps they can take to protect themselves.

  7. Internal Communication

– Maintain clear communication with relevant internal stakeholders, including management, legal, HR, and IT departments if applicable.

– Provide updates on the breach investigation, containment efforts, and any legal or regulatory obligations.

  8. Remediation and Prevention

– Identify and implement measures to prevent a similar breach from occurring in the future.

– Evaluate the effectiveness of current security controls and make necessary improvements.

  9. Documentation and Learning

– Document all actions taken during the breach response process for future reference and regulatory compliance.

– Conduct a post-incident review to identify lessons learned and opportunities for improvement in breach response procedures.

  10. Legal Considerations

– Consult with legal advisors to understand any potential legal consequences or obligations resulting from the breach.

– Maintain compliance with data protection laws and regulations throughout the breach response process.

  11. Policy Review

This Data Breach Response Plan will be reviewed regularly to ensure its effectiveness and relevance.