Skip to content
Email: info@odpc.go.ke
Phone: 0207801800
Opening : Mon-Fri 08:00 - 17:00
Facebook
Youtube
Linkedin
Home
About Us
Who We Are
What We Do
Governance Framework
Directorates
Strategic Plan
Service Charter
E-Services
Register as Data Handler
Data Controller
Data Processor
File a Complaint
Report a Data Breach
Knowledge Centre
Regulatory Framework
Registered Data Handlers
Determinations
Media Center
Gallery
Press Releases
Articles & News
Newsletters
E-Bulletin
Publications & Reports
Publications
Guidelines
Draft Guidance Notes
Reports
Financial Statements
FAQs
Access to Information
Opportunities
Tenders
Careers
Contact Us
Search
Test Form
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Details of Controller/ Processor
Organization Name
*
Contact Person Name
*
First & Last Name
Contact Number
*
Mobile Number
Email Address
*
Email Address
Other Contact Details
Other Contact Details
Details of the Breach
Description of Data Breach
*
Description of Data Breach
Categories of persons affected by the data breach (e.g. customers, patients, employees, clients, children, vulnerable groups; etc.)
*
Categories of persons affected by the data breach (e.g. customers, patients, employees, clients, children, vulnerable groups; etc.)
In addition, please select any categories that apply:
Financial Data
Identity Information
Tax Pin Information
Contact Information
Home Address, Telephone Address, Email
Health Information
Other Sensitive Information
Additional details of the type of personal information involved in the data breach
Additional details of the type of personal information involved in the data breach
Provide a detailed description of any action, including remedial action, you are taking, or intend to take to assist data subjects whose personal data was involved in the data breach.
(a) Short-term Measures (Immediate Actions):
Outline the immediate steps taken to secure the data and limit any potential damage.
Outline the immediate steps taken to secure the data and limit any potential damage.
(b) Medium-term Measures (System Improvements):
Detail the actions planned or in progress to strengthen data security systems.
Detail the actions planned or in progress to strengthen data security systems.
(c) Long-term Measures (Policy and Training):
Describe the strategies for enhancing organizational data protection policies, including staff training programs on data security, updating incident response plans, and regular compliance reviews.
Describe the strategies for enhancing organizational data protection policies, including staff training programs on data security, updating incident response plans and regular compliance reviews.
Provide detailed description of any action you have taken, or are intending to take, to prevent reoccurrence
*
Provide detailed description of any action you have taken, or are intending to take, to prevent reoccurrence
Section: Communication with Data Subjects
Has the entity communicated with the data subjects affected by the breach?
*
Yes
No
If yes, please attach a sample of the communication sent to data subjects.
Drag & Drop Files,
Choose Files to Upload
If yes, please attach a sample of the communication sent to data subjects.
If no, please provide a detailed explanation as to why communication has not occurred.
If no, please provide a detailed explanation as to why communication has not occurred.
Specify the steps your organization/ agency recommends that individuals take to reduce the risk that they experience serious harm as a result of this data breach
*
Specify the steps your organization/ agency recommends that individuals take to reduce the risk that they experience serious harm as a result of this data breach
Other entities affected: (if the data breach described above was also a data breach of another organization, provide their identity and contact details)
Other entities affected: (if the data breach described above was also a data breach of another organization, provide their identity and contact details)
Date the breach occurred: (provide your best estimate if the exact date is not known)
*
Date the breach occurred: (provide your best estimate if the exact date is not known)
Was the data breach reported after 72 hours of discovery?
*
Yes
No
If NO, please specify why:
If NO, please specify why
Date the breach was discovered (provide your best estimate if the exact date is not known)
*
Date the breach was discovered (provide your best estimate if the exact date is not known)
Primary cause of breach:
*
— Select Choice —
Malicious or Criminal Attack
System Fault
Human Error
Other
If other, please specify:
If other, please specify
Description of how the data breach occurred
*
Description of how the data breach occurred
Number of data subjects whose personal data is involved in the data breach:
*
— Select Choice —
1-10
11-100
101-1000
1001-10000
10001-100000
100001-100000
Exact number of data subjects whose personal data is involved in the breach (please provide your best estimate):
Exact number of data subjects whose personal data is involved in the breach (please provide your best estimate)
Is there any other information you wish to provide at this stage, or any matters that you wish to draw to the ODPC’S attention?
Is there any other information you wish to provide at this stage, or any matters that you wish to draw to the ODPC’S attention?
List of any other data protection authorities, law enforcement bodies or regulatory bodies that you have reported, or intend to report, this data breach to:
List of any other data protection authorities, law enforcement bodies or regulatory bodies that you have reported, or intend to report, this data breach to:
Attach Copy of Report to Other Regulator or Institution: A provision for uploading documentation of reports made to other bodies, such as police or data protection authorities.
Drag & Drop Files,
Choose Files to Upload
Attach Copy of Report to Other Regulator or Institution: A provision for uploading documentation of reports made to other bodies, such as police or data protection authorities.
no, any Address
Request for Confidentiality
*
I request that the particulars of the breach, mitigation efforts and responses, and additional information provided in this form be held by the ODPC in confidence
If you request any information in this form be held by the ODPC in confidence, please provide further information to support the request. The ODPC will respect the confidence of commercially or operationally sensitive information provided voluntarily in support of a data breach notification, and will only disclose this information after consulting with you, and with your agreement or where required by law.
Attachments
Please attach any relevant documents that support your notification and actions regarding the data breach. This can include but is not limited to: (a) Sample Agreements (b) Incident Response Policy
Drag & Drop Files,
Choose Files to Upload
Please attach any relevant documents that support your notification and actions regarding the data breach. This can include but is not limited to: (a) Sample Agreements (b) Incident Response Policy
Additional Provisions
Attach Incident Report: A section for uploading a detailed incident report.
Drag & Drop Files,
Choose Files to Upload
Attach Incident Report: A section for uploading a detailed incident report.
Declaration
I hereby declare that the information given in this application is true and correct to the best of my knowledge and belief
Review and Submit
Please review the information that you have provided about the data breach. If you would like to change anything, you can return to the relevant section and update.
*
I have reviewed before submission
Email
*
Submit Notification of Data Breach
Linda Data
Message input
