Personal data breach response

UK GDPR Art 33 & 34 · Operational summary · May 2026

Hypernest Innovations Limited maintains an incident response procedure aligned with our security architecture. When a personal data breach may affect your rights, we assess notification obligations to the ICO, to you, and (for fleet deployments) to your organisation as controller.

Response timeline

Immediate — Contain incident; preserve logs and audit trail
4 hours — Internal breach record opened with severity classification
24 hours — Notify affected fleet customers when Hypernest is processor
48 hours — Processor notification to fleet controllers (DPA commitment)
72 hours — ICO notification when required (UK GDPR Art 33)
72 hours — Notify individuals if high risk to rights (Art 34)

Fleet customers (B2B)

When we process driver data on your instructions, we notify your organisation as controller without undue delay and within 48 hours of becoming aware of a breach affecting your tenant. You are responsible for ICO and driver communication where you are controller.

ICO registration

Hypernest registers with the UK Information Commissioner's Office as a data controller. Registration details are published on the privacy notice footer once the certificate is issued. See also our ROPA summary.

Report a concern

If you believe there has been unauthorised access to your EnforceIQ Labs data, contact [email protected] with subject line "Security incident". For production tenants, include your organisation name and approximate time of discovery.

Internal fillable templates for ICO and customer notification are maintained in the EnforceIQ Labs compliance pack (GDPR-01).