DSIT privacy notice: cyber security breaches survey 2025
Updated 3 September 2024
漏 Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at /government/publications/cyber-security-breaches-survey/dcms-privacy-notice-for-the-cyber-security-breaches-survey-2023
This notice sets out how we will process your personal data, and your rights. It is made under Articles 13 and/or 14 of the UK General Data Protection Regulation (UK GDPR).听听
Cyber security breaches survey 2025, which surveys businesses and charities about their cyber security, is conducted by Ipsos Ltd. (Ipsos) on behalf of the Department for Science, Innovation and Technology (DSIT) and the Home Office (HO).听
DSIT, HO and Ipsos act as the joint controllers of this survey, which is jointly commissioned by DSIT and HO. Ipsos has provided their own , to explain how they processes your personal data.
For the purposes of this survey, Ipsos will not share or transfer any of your personal data to DSIT and/or HO.听
1. Your data听
Where personal data has not been obtained from the data subject听听
For charities based in Scotland that are contacted for this survey, personal data was obtained by DSIT from the Office of the Scottish Charities (OSCR), and provided to Ipsos for the purposes of inviting you to participate in this survey.听DSIT and/or HO processed your personal data through a duly managed transfer request, from OSCR directly to Ipsos.
All other processing of personal data for this survey will be done by Ipsos. Ipsos will then provide DSIT and/or HO with completely anonymised notes and reports.听听听
Ipsos will provide DSIT and/or HO with an anonymous data file of survey responses to allow for analysis and quality assurance of the results. This anonymous file may be made available to other approved government departments, partner organisations or researchers for statistical research purposes only.听
Ipsos privacy notice听听
Ipsos is the processor of the data and has provided their own .听听
The Ipsos privacy notice explains:
- the purpose of the survey
- how they process your personal data
- their legal basis for processing
- who they may share your data with
- who they may transfer your personal data to
- how long they may retain your personal data听
2. 笔耻谤辫辞蝉别听
The purpose(s) for which we are processing your personal data is:听听
- to allow our contracted partner, Ipsos, to invite you to participate in this cyber security breaches survey
3. Legal basis of processing听听
The legal basis for processing your personal data under Article 6 of the UK GDPR is:听听
1(e)Public task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, which entails understanding the cyber attacks and cyber crimes experienced by UK businesses, charities and educational institutions, and their policies, processes and approach to cyber security.听
4. 搁别肠颈辫颈别苍迟蝉听
Your personal data will not be shared directly with DSIT and/or HO.听听
Details are provided in .
5. 搁别迟别苍迟颈辞苍听听
Your personal data will be transferred directly by OSCR to Ipsos and will not be retained by DSIT and/or HO.听
6. Automated decision making听
Your personal data will not be subject to automated decision making.听听
7. International transfers听听
Your personal data will be processed in the UK.听
8. Your rights听
You have the right to request information about how your personal data are processed, and to request a copy of that personal data.听听
You have the right to request that any inaccuracies in your personal data are rectified without delay.听听
You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.听听
You have the right to request that your personal data are erased if there is no longer a justification for them to be processed.听听
You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.听听
You have the right to object to the processing of your personal data.听
9. Contact details听
You can contact the DSIT data protection officer at:听听
DSIT data protection officer 听
Department for Science, Innovation &Technology 听
22-26 Whitehall 听
London 听
SW1A 2EG听
Email: dataprotection@dsit.gov.uk听
If you are unhappy with the way we have handled your personal data, please write to the department鈥檚 data protection officer in the first instance using the contact details above.听听
10. Complaints听
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an UK independent regulator.听 The Information Commissioner can be contacted at:听听
Information Commissioner鈥檚 Office听
Wycliffe House听
Water Lane听
Wilmslow听
Cheshire听
SK9 5AF听
Telephone: 0303 123 1113听
听听
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.听听
11. Updates to this notice听
If this privacy notice changes in any way, we will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information we collect, how we use it, and under what circumstances we will share it with other parties. The 鈥榣ast updated鈥� date at the bottom of this page will also change.听
If these changes affect how your personal data is processed, we will take reasonable steps to let you know.听
Last updated: 31 July 2024