A new incident reporting tool for data security and protection incidents has been launched within the Data Security and Protection Toolkit.

To access this function, please log in and look for the report an incident menu link (available to administrators only).

This replaces the previous SIRI reporting tool which was part of the previous Information Governance Toolkit.

The new incident reporting tool reflects the new reporting requirements of GDPR, and for relevant organisations the NIS Regulations.

All reportable data security and protection incidents must be notified through the reporting tool. Guidance materials are available to support organisations assess whether incidents should be reported. (https://www.dsptoolkit.nhs.uk/Help/29)

If you require immediate advice and guidance related to a cyber security incident, please contact the NHS Digital Data Security Centre on: 0300 303 5222.  

You must report a notifiable breach to the ICO without undue delay. If you take longer than 72 hours, you must give reasons for the delay.