Incident Response Policy
Effective Date: 15 July 2026
1. Purpose
This policy describes how Droblet Ltd. identifies, responds to, and communicates security incidents — including data breaches — in accordance with GDPR Article 33 and UK GDPR obligations.
2. Incident Classification
Critical
Data breach involving personal data; immediate response required.
High
Suspected unauthorised access or significant service disruption.
Medium
Degraded service performance or minor policy violation.
Low
Isolated anomaly with no data impact.
3. Response Timeline
- 0–2 hours: Incident detected and triaged by security team
- 2–24 hours: Containment, initial assessment, and internal escalation
- 24–72 hours: Notification to supervisory authority if personal data is involved (GDPR Article 33)
- 72 hours+: Notification to affected individuals where high risk is identified
4. Reporting a Security Incident
If you become aware of a security incident involving Droblet or suspect your account has been compromised, contact us immediately.
Security Team: security@droblet.ai
Data Protection: privacy@droblet.ai