We've detected that Javascript is not enabled. It is required for an optimal survey taking experience.
Please check your browser's settings and make sure Javascript is turned on. Learn how to enable Javascript.

Skip survey header

Personal Data Breach Self-Assessment

Do I need to Notify?

Reporting a Personal Data breach is a requirement under the DP Law 2020, Articles 41 and 42. If you think your organisation has suffered such a breach, please complete this self-assessment to make an initial determination of whether to report it to the Commissioner and / or Individual.

Please note this assessment is quite basic and for guidance purposes only. If you have additional questions or specific issues, please seek legal advice. In order to preserve your privacy and to provide an objective, honest assessment of a possible Personal Data breach, no identifying information is shared with the Commissioner's Office by completing this assessment.

Personal data, if any, that is collected as a result of completing this assessment will be handled in accordance with the DIFC Online Data Protection Policy.

1. Are you assessing a privacy breach by an organisation, on behalf of the organisation? *This question is required.

Did the breach involve personal information? *This question is required.

How sensitive is the information that is involved in the breach? *This question is required.

Who has obtained or may obtain the information? *This question is required.

Was any harm caused or likely to be caused by the breach? *This question is required.

What types of harm may be caused to people affected by the breach? (Please rate the likely impact you think it will have on any affected persons.) *This question is required.

Space Cell	Low	Medium	High
Discriminatory harm	Discriminatory harm: Low	Discriminatory harm: Medium	Discriminatory harm: High
Emotional harm	Emotional harm: Low	Emotional harm: Medium	Emotional harm: High
Employment harm	Employment harm: Low	Employment harm: Medium	Employment harm: High
Financial harm	Financial harm: Low	Financial harm: Medium	Financial harm: High
Identity theft	Identity theft: Low	Identity theft: Medium	Identity theft: High
Loss of access to information	Loss of access to information: Low	Loss of access to information: Medium	Loss of access to information: High
Loss of opportunity	Loss of opportunity: Low	Loss of opportunity: Medium	Loss of opportunity: High
Physical harm	Physical harm: Low	Physical harm: Medium	Physical harm: High
Reputational harm	Reputational harm: Low	Reputational harm: Medium	Reputational harm: High
Threats of harm	Threats of harm: Low	Threats of harm: Medium	Threats of harm: High
Enter another option	Other: Low	Other: Medium	Other: High

Was any personal information involved in this breach accessed by anyone? *This question is required.

What steps have been taken to reduce the risk of harm or further harm from this breach? *This question is required.

The information was recovered
The device was wiped remotely
The problem that caused this breach was fixed
The recipient(s) of the information were contacted and the information was deleted
Other - Please Specify Please enter an 'other' value for this selection. * This question is required.
No action has been taken

Are there security measures in place that protect the information from being accessed? *This question is required.

Please tell us if any of the following high risk factors apply:

Someone's physical safety is in immediate danger
Someone's psychological safety is at immediate risk
There is immediate risk of serious financial harm

*This question is required.