Breach Reporting

Self Reporting form

This form is for controllers who need to report a personal data breach of The Data Protection (Bailiwick of Guernsey) Law, 2017 to the Office of the Data Protection Authority (ODPA). It should not take you more than 15 minutes to complete. Please note that whilst you are only legally obliged to report breaches that meet certain legal criteria we still encourage all incidents to be reported to us.

Please provide as much (anonymised) information as you can, and ensure all mandatory fields are completed.

If you cannot answer questions because you do not know the answer, or you are waiting on further information pending the completion of an internal investigation, please set that out in your response.

Read: breach reporting guidance

After a personal data breach, swift containment and recovery of the situation is vital. You should make every effort to minimise the potential impact on the people whose data has been affected, and details of the steps taken to achieve this should be included in this form.

Read: Keep calm and carry on: 8 steps to help you deal with a data breach.

If you have any questions, please contact

Notification of Personal Data Breach

Fields marked with a * are required

Section 1 - Contact details

No Yes

Section 2 - Jurisdiction

No Yes
If so, which jurisdictions?
No Yes
No Yes

Section 3 - Initial information on the breach




Please send up copies of the following where applicable:

You can chose as many as 20 files at a maximum of 2MB per file


  • I have included all the necessary supporting evidence with my breach report
  • The information I have provided is accurate to the best of my knowledge.
  • I understand that the Commissioner will electronically store the information relating to my breach report, including the documents I have provided, and keep those records for 7 years following the conclusion of the enquiry.