To ensure OnPoint Medical Reporting Limited responds effectively, promptly, and compliantly to any personal data breach, minimising harm and meeting legal obligations under GDPR and UK law.
A data breach means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Any staff member or contractor who becomes aware of a suspected or confirmed data breach must report it immediately to the Data Protection Officer (DPO) / responsible person.
The DPO will assess the incident to determine whether it is a “reportable breach” under GDPR.
The DPO (or designated team) will:
Confirm whether a breach has occurred.
Identify categories, scale, and sensitivity of data involved.
Evaluate the risks to individuals (harm, identity theft, discrimination etc.).
Determine likely consequences.
Take immediate steps to contain the breach (e.g. isolate the affected system, revoke access).
Recover integrity of data where possible.
Mitigate harm (notify affected individuals, provide support).
If a breach is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it. Notification is not required where the breach is unlikely to pose such a risk.
Where a breach is likely to result in a high risk to individuals, we will inform those affected without undue delay.
The notification will include: the nature of the breach, a description of the types of personal data affected, the likely consequences, and the measures taken or to be taken to mitigate it.
Maintain an internal record of all breaches, regardless of severity, including date/time discovered, description, effects, actions taken, and lessons learned.
Review each incident and update policies, procedures, training as needed.
Clear internal communication to staff/contractors.
Where relevant, external communication (if legally required or appropriate).
After any breach, perform root-cause analysis.
Update risk assessments, policies, staff training, technical safeguards.
Monitor implementation of improvements.
ONPOINT MEDICAL REPORTING LIMITED is a UK-based provider of medico-legal
reporting and support services. We offer fast, reliable access to a nationwide panel of medical
professionals to support personal injury claims, complex legal proceedings, and rehabilitation
needs.
Our goal is to alleviate the administrative burden from law firms and insurers by offering
comprehensive, accurate medical assessments and case management—handled with care,
speed, and integrity.