Data Breach Policy

1. Introduction

1.1 Data Handling: World of Art Prints processes and protects end-consumer personal data.

1.2 Protection Measures: We take every care to protect personal data from incidents that could compromise security.

1.3 Consequences of Breach: A data breach can result in harm to individuals, reputation damage, and/or financial costs.

2. Purpose

2.1 Legal Obligation: We comply with the Data Protection Act to ensure data security throughout its lifecycle.

2.2 Policy Aim: This policy ensures consistent and effective management of data breaches and information security incidents.

3. Scope

3.1 Data Coverage: This policy applies to all personal and sensitive data held by World of Art Prints. A further policy regarding the commitments of our card processing gateway “Stripe” can be located on their website: stripe.com/en-gb/legal/dpa.

3.2 Staff Applicability: It applies to all staff, including temporary, casual, agency staff, contractors, and data processors.

3.3 Policy Objective: The goal is to contain breaches, minimise risks, and secure personal data.

4. Types of Breach

4.1 Definition: Data breaches include confirmed and suspected incidents that compromise confidentiality, integrity, or availability.

4.2 Examples: Breaches include data loss, equipment theft, unauthorised access, hacking, human error, etc.

5. Reporting an Incident

5.1 Responsibility: Anyone accessing or managing our data must report incidents immediately to the Data Protection Officer (DPO) at dpo@world-of-art-prints.com.

5.2 Outside Hours: Report breaches as soon as practicable if they occur outside working hours.

5.3 Incident Details: Include details such as dates, times, nature of the breach, and affected individuals.

6. Containment and Recovery

6.1 Immediate Action: The DPO will determine if the breach is ongoing and take steps to minimise the impact.

6.2 Assessment: The DPO and team will assess the severity and lead the investigation.

6.3 Recovery: The DPO will determine recovery actions and notify relevant parties, including the police if necessary.

7. Investigation and Risk Assessment

7.1 Timeliness: The DPO will start an investigation within 24 hours of discovering/reporting the breach.

7.2 Risk Assessment: Evaluate the type of data, its sensitivity, protections in place, potential misuse, and affected individuals.

7.3 Considerations: Determine the breach’s impact and potential consequences.

8. Notification

8.1 Decision to Notify: The DPO, with the owner, will decide who needs to be notified.

8.2 Considerations: Legal requirements, benefits to individuals, and prevention of unauthorised data use.

8.3 Individual Notification: Include breach details, protection advice, and contact information.

8.4 Third-Party Notification: Notify parties like police, insurers, or banks if illegal activity is suspected.

9. Evaluation and Response

9.1 Review: The DPO will review the breach causes and response effectiveness, and suggest system or policy changes.

9.2 Control Assessment: Evaluate and improve existing data protection measures.

9.3 Report: A report with recommendations will be considered by the owner of World of Art Prints.

 

You may also wish to read our Privacy Policy and view our Disclaimer page.
