Based on your responses at this time, there does not appear to be a requirement for your organisation to notify the PDPC of the data breach incident. 

However, organisations may choose to voluntarily notify the PDPC even if they assess that the data breach is not a mandatorily notifiable one under the PDPA. 

Please note that this self assessment tool is only a guide, and the self-assessment result is not definitive in the assessment of any decision not to notify the PDPC.

Do we need to notify the affected individuals?