Information Compliance

Openness in how we work

Data Incident Evaluation Report (DPO)

Data Incident Evaluation Report Form

    To be completed as far as possible by the individual reporting the data incident

    Note If it is possible to retrieve the information retrieve it as soon as possible e.g. recalling e-mails.
    In order to evaluate the data security incident it is necessary to define:

    1. Initial information gathering

    • what has happened;
    • when and how you found out about the breach;
    • the people that have been or may be affected by the breach;
    • what you are doing as a result of the breach; and
    • who else you have told.

    To ensure that the evaluation is appropriate and to help the Assurance and Data Protection Office provide the most effective support to you. Please provide as much information as possible and ensure it is as accurate and detailed as possible.

    For completion by the Assurance and Data Protection Office

    a. Follow up/interim

    b. Conclusion/Lessons Learned Article, 33(5) record



  • Data Protection Officer: David Bridge



    2. Incident Details



    Category and number of people information disclosed to:

  • A high risk (to subject)
    None - see mitigation

  • Name
    Phone Number
    Bank Details

  • Yes

    3. Mitigation

  • Yes

    4. Investigation and Evaluation (for completion by Assurance and Data Protection Office)

    Other Mitigation:

    Lessons learned:


    The Data Protection Officer will use the information provided on this form to assess the incident and conclude whether it is a: Reportable data breach, non-reportable data breach, or non-reportable data security incident.





Leave this blank:


Information Compliance - © University of Kent

The Registry, The University of Kent, Canterbury, Kent, CT2 7NZ, T: +44(0)1227 823671

Last Updated: 04/05/2022