Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violation of Breach Notification Laws
Up to 4% of Annual Global Turnover or €20 M

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Registration under the United Kingdom’s Data Protection Act requires individuals and organisations that process/control personal information to register with the Information Commissioner’s Office (ICO).
  • In addition to personal data, the United Kingdom defines certain personal information as sensitive data.  This data may have additional requirements related to data protection, data subject access, etc.
Statutes and Laws
  •  Data Protection Act
BAck to map