Report Your Organisation’s Data Breach

This guide helps Data Protection Officers (DPOs) assess, manage and report data breaches under the Personal Data Protection Act (PDPA). It explains how to determine if a breach is notifiable, meet the three-day deadline, and report the breach using Personal Data Protection Commission’s (PDPC) required process and the C.A.R.E. framework.

Published on 22 Apr 2026

Self-Assessment for Organisations Experiencing Data Breaches

Use this tool to determine if the breach is notifiable

Access the tool here

Submit a Data Breach Notification to PDPC

Use our e-service form to submit your notification.

Submit form

Guide on Managing and Notifying Data Breaches Under the PDPA

Guidance on applying the C.A.R.E. Framework, including checklists and post-breach evaluation.

Guide to Developing a Data Protection Management Programme

Framework for managing personal data and responding to incidents. Use it to build or refine your data breach response plan.

What happens if we miss the three-day deadline?

How do we integrate breach response into business continuity planning?