
What happens if there is a data breach?

At our organisation, protecting your personal data is one of our highest priorities. We are committed to maintaining strong data protection standards and ensuring transparency about how we respond to any potential data breach. This article explains what constitutes a data breach, how we manage such incidents, and what you can expect from us if your information is ever affected.


What Is a Data Breach?

A data breach occurs when personal information is accessed, disclosed, lost, altered, or destroyed without proper authorisation. This can happen in various ways, such as:

  • Personal data being sent to the wrong recipient

  • Unauthorised access to systems or files

  • Loss or theft of devices containing personal information

  • Human error, such as including incorrect individuals in an email

Not all breaches pose a high risk, but all are treated with care and seriousness.


Our Commitment to Data Protection

We operate in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These regulations set out how organisations must protect personal data and guide all of our internal practices.

We have strong systems and controls in place designed to reduce the risk of data breaches. These include staff training, secure technology, regular audits, and strict internal procedures for handling personal information.


How We Respond to a Data Breach

If a data breach occurs, we follow a structured and thorough process:

1. Immediate Containment and Assessment

As soon as a breach is identified, our team works to contain it and prevent further unauthorised access or disclosure. We assess:

  • How the breach occurred

  • What type of data was involved

  • How many individuals may be affected

  • The potential risks or harm

2. Investigation

A detailed investigation is carried out to understand the root cause of the incident. This includes reviewing systems, interviewing relevant staff, and examining any contributing factors.

3. Risk Assessment (ICO Guidelines)

We use the Information Commissioner’s Office (ICO) risk-assessment framework to evaluate whether the breach is likely to result in a risk to individuals’ rights and freedoms. This assessment determines:

  • Whether we must report the incident to the ICO

  • Whether affected individuals must be notified

4. Notification (If Required)

If the breach poses a risk to individuals, we will notify those affected as soon as possible. Notifications may include:

  • A summary of what happened

  • The type of data involved

  • Actions we have taken to contain the breach

  • What individuals can do to protect themselves, if needed

  • Contact details for further support

In some cases, we may attempt to contact affected individuals by phone first. If unsuccessful, we will follow up via email or letter.

5. Preventing Future Incidents

Following any breach, we:

  • Review and strengthen internal policies and procedures

  • Provide additional staff training where needed

  • Update systems or technical controls

  • Implement corrective actions identified during the investigation

Our goal is to ensure a similar incident does not occur again.


How We Support Affected Individuals

If your data is involved in a breach, you can expect:

  • Clear and timely communication

  • Honest and transparent explanations

  • Guidance on steps you may wish to take

  • Opportunities to ask questions or raise concerns

Our team is available to support you throughout the process and provide any information you may need.


How to Contact Us

If you have questions about our data protection practices or wish to discuss a concern, you can contact us directly:

  • Email: hello@alternaleaf.co.uk

  • Phone: +441283244025

We are committed to safeguarding your personal information and ensuring your trust in our services.
