Report a Data Breach to the OIC

1(a). Data Controller Information
Provide information about the data controller
Enter the name of the data controller
Enter the name of the data controller contact person
Address of Data Controller
Enter the address of the data controller
Data Controller Contact Number
Enter the data controller contact number
Enter data controller email address
Data Controller Type/Scope
Enter the data controller Type/Scope
1(b). Data Controller Representative Information
Data Controller Representative Type/Scope
Enter the data controller Type/Scope
2. Data Protection Officer Information
Provide information about the DPO
Enter the name of the data protection officer (if known)
Address of Data Protection Officer
Enter the address of the data protection officer
Data Protection Officer Contact Number
Enter the data protection officer contact number
Enter the data protection officer eMail address
3. Data Processor Information (where applicable or known)
Enter information about the data processor
Enter name of the data processor
Enter the name of data processor contact
Address of Data Processor
Enter the address of the data processor
Data Processor Contact Number
Enter the data processor contact number
Enter the data processor eMail address
Data Processor Type/Scope
Enter the data processor type/scope
4. Third Party or Other Involved Entity Information
Provide information about any other entity involved in the data breach
Is there another entity involved in this data breach?. (If yes, complete the information below) 
Enter the name of other/third party entity
Enter name of third party contact
Address of Other/Third Party Entity
Enter address of other/third party entity
Third Party Contact Number
Enter the third party contact number
Enter the third party eMail address
Third Party Entity Type/Scope
Enter the third party entity type
5. Type of Report
Purpose of the report
Type of report

Select ‘Comprehensive’ when this report contains all the information that the data controller has been able to gather regarding the data breach and the provision of further information is not foreseen. Select ‘in phases’ when this is an incomplete report, with further information to follow.
If in phases, indicate which phase
6. About the Data Processing
Approximate number of individuals whose personal data are processed, referring exclusively to the processing activity affected by the personal data breach
Provide details on the processing activity affected by the breach and the location of the  personal data about individuals
7. Details about Breach & Its Consequences
Indicate the date and time on which you became aware of the breach
How was the breach detected?
Cause of the Data Breach (Check all that apply)
Provide information about the cause of the breach
Origin of the Data Breach
Provide information about the origin of the data breach
How Did The Breach Occur? (Select all relevant options)
What has been affected as a result of the Breach? (Select all relevant options)
Provide a brief description of what happened, and the concrete measures taken and proposed to be taken to minimise damage to data subjects.
Type of Data Affected. (select all applicable options)
Select the types of personal data that have been affected
In total, how many data subjects were or could be affected by the breach? (If you do not know the exact value, please give an approximate value.)
Categories of Data Subjects
What are the categories of data subjects concerned? (Select all applicable options)
8. Actions Taken By The Data Controller After the Breach
Where applicable, select only new or updated security measures
9. Notification of Data Subjects
What means of notification was utilised? (Select all applicable options)
Impact on Data Subjects

From the table below indicate:

  • the nature of the possible impact of the breach;
  • whether there is evidence that any of the impact has occurred; and
  • if the impact has not yet occurred, the assessment of the probability of the impact occurring.