Incident Response Policy

Effective Date: 15 July 2026

1. Purpose

This policy describes how Droblet Ltd. identifies, responds to, and communicates security incidents — including data breaches — in accordance with GDPR Article 33 and UK GDPR obligations.

2. Incident Classification

Critical

Data breach involving personal data; immediate response required.

High

Suspected unauthorised access or significant service disruption.

Medium

Degraded service performance or minor policy violation.

Low

Isolated anomaly with no data impact.

3. Response Timeline

  • 0–2 hours: Incident detected and triaged by security team
  • 2–24 hours: Containment, initial assessment, and internal escalation
  • 24–72 hours: Notification to supervisory authority if personal data is involved (GDPR Article 33)
  • 72 hours+: Notification to affected individuals where high risk is identified

4. Reporting a Security Incident

If you become aware of a security incident involving Droblet or suspect your account has been compromised, contact us immediately.

Security Team: security@droblet.ai

Data Protection: privacy@droblet.ai