The National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) have agreed a new policy on how they will collaborate to support victims of cyber breaches. The new policy clarifies the respective organisations’ roles and what the customers can expect from them.

In particular, the new policy clarifies what information will be passed between the organisation with and without the customer’s consent. This is particularly relevant when the data breach might have included personally identifiable information (PII) covered by the Geneneral Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.