Data Protection Policy

13. Notification

13.1 We recognise that whilst there is no obligation for us to make an annual notification to the UK Information Commissioner's Office (ICO) under the GDPR, we will consult with the ICO where necessary when we are carrying out “high risk” processing.

13.2 We will report breaches (other than those which are unlikely to be a risk to individuals) to the ICO where necessary, within 72 hours. We will also notify affected individuals where the breach is likely to result in a high risk to the rights and freedoms of these individuals.