Skip to Main Content
Steer your organisation safely through 2021 and navigate to cyber safety with IT Governance. Find out how
Data Breach Management Service

Data Breach Management Service

SKU: 5071
Authors: IT Governance
Format: Level 1 Retainer (annual)

Investigating a data breach – who has been affected, how extensive it is and how it happened – and compiling all the information needed by supervisory authorities within the 72-hour reporting deadline imposed by the DPA 2018 and GDPR can pose a challenge for any business.

The Data Breach Management Service helps you to quickly and effectively navigate the Regulation’s data breach notification requirements in a structured and compliant manner. With the threat of a data breach becoming increasingly imminent, it is vital that your organisation is prepared. We offer four levels of service to suit your needs, from emergency response to ongoing support for enterprise organisations. 

“I would like to thank you very personally for being such a steadying and calm influence on the preparation process for the initial submission and for working on Saturday to get it done and in. It was an enormous relief to have someone of your experience to draw on in the first few hours of dealing with this nasty incident.” – Client name withheld for confidentiality reasons.

This service is provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Included in this service

Data security incidents can be a chaotic and stressful experience. Acting fast is key in order to meet the DPA/ GDPR’s 72-hour personal data breach reporting requirement. Knowing how to respond to an incident appropriately and effectively is vital. We can support you throughout with our Data Breach Management Service.

Our team of experienced data privacy lawyers and data protection officers will work with you to:

  • Dedicated support from qualified and experienced data protection subject-matter experts.
  • Creation and maintenance of a breach log as per the ICO (Information Commissioner’s Office) guidelines.
  • Virtual two-hour review of your organisation’s internal report processes to ensure breaches are recognised and reported in a timely and appropriate manner.
  • Dedicated breach support in all areas of the process:
    1. Reviewing and assessing the nature of the breach.
    2. Making a considered decision as to whether the breach needs to be reported to the ICO.
    3. Liaising with the single point of contact within your organisation.
    4. Advising on the immediate steps to take to protect your organisation and its data subjects.
    5. Liaising with the ICO, including responding to and following up on its questions.
    6. Liaising with/contacting data subjects if appropriate.
    7. Forensic analysis via our trusted partners, if required (additional cost).
  • Physical or virtual attendance at internal meetings, including table-top exercises or as part of your incident response model.
  • Liaising with your organisation’s DPO (data protection officer) to ensure consistency of policies.
  • Liaising with other regulatory bodies if required by your business model.
  • Assistance with your business continuity planning and organisational learning.


  • Gain quick access to expert support and advice when you need it most.
  • Limit data breaches quickly to prevent extensive damage.
  • Meet the DPA and GDPR’s 72-hour reporting deadline.
How does the service work?

We offer four levels of data breach support:

Is your organisation experiencing a data breach? Our emergency breach response service will support you.

This includes: Two prepaid support hours to begin delivery of the above service inclusions.

£500 per incident

Includes £50 admin fee.
Additional hours are charged at £225 per hour.

Call +44 (0)330 9000 300 if you are experiencing a data breach.

Company size

Number of reportable breaches per year


Small 5-10 breaches Contact us for pricing
Standard 11 - 20 breaches Contact us for pricing
Enterprise 21+ breaches Contact us for pricing


Breach support is available between Monday and Friday, 9:00 am to 5:30 pm BST/GMT.

The cost of forensic investigations is not included in the price.

Why GRCI Law

Why choose GRCI Law?

Data Breach Management Service is delivered by IT Governance’s sister company GRCI Law, and has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA (Data Protection Act) 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy, which means we only advise on issues related to data protection, privacy and cyber security.
  • GRCI Law’s team of qualified lawyers, DPOs, solicitors and barristers has decades of experience in privacy and information/cyber security compliance programmes, and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • Our team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

Customer Reviews

This website uses cookies. View our cookie policy
WIN £100