Data Breach Response Policy

Effective Date: 29/11/2025

Controller: Fastlearners Limited

1. Purpose

This policy defines the procedures Fastlearners Limited follows if a data breach occurs.

It ensures compliance with:

  • NDPR (Nigeria)
  • GDPR (EU)
  • General global security standards

The goal is to reduce impact on users, investigate quickly, and prevent future occurrences.

2. What is a Data Breach?

A data breach includes:

  • Unauthorized access
  • Loss or theft of devices
  • Accidental deletion or modification
  • External attacks (e.g., hacking, malware)
  • Unauthorized data sharing
  • Exposure of children’s data

3. Responsibilities

a. Data Protection Officer (DPO) or Appointed Lead

Responsible for:

  • Coordinating breach response
  • Documenting incidents
  • Communicating with regulators and affected users

b. Engineering / IT Team

Responsible for:

  • Containing the breach
  • Identifying the cause
  • Securing systems
  • Applying fixes and patches

c. Management

Responsible for:

  • Authorizing notifications
  • Approving corrective actions

4. Breach Response Procedure

Step 1: Identification

A breach may be detected through:

  • User reports
  • System alerts
  • Monitoring tools
  • Security audits

Staff must report suspected breaches immediately to the DPO.

Step 2: Containment

Immediately:

  • Disable compromised accounts
  • Isolate affected systems
  • Revoke exposed tokens or credentials
  • Block malicious IPs
  • Shut down unauthorized access

Step 3: Assessment (within 24 hours)

Determine:

  • Type of data involved
  • Number of affected users
  • Whether children’s data is involved
  • Whether data was encrypted
  • The risk of harm (identity theft, fraud, privacy risk)

Step 4: Notification

Regulators

  • NDPR requires prompt notification to NITDA
  • GDPR requires notification within 72 hours

Affected Users

Notification to affected users is required when the risk is significant.

Notification must include:

  • Nature of breach
  • Data involved
  • Possible consequences
  • Steps users should take
  • Measures Fastlearners is taking
  • Contact point for assistance

Step 5: Documentation

Every breach is logged with:

  • Date/time
  • Description
  • Systems affected
  • Individuals affected
  • Actions taken
  • Lessons learned

NDPR and GDPR require complete incident records.

Step 6: Remediation

Actions may include:

  • Patching systems
  • Resetting passwords
  • Updating security policies
  • Conducting staff training
  • Strengthening infrastructure
  • Removing harmful scripts/malware

5. Security Measures in Place

Fastlearners applies:

  • End-to-end encryption
  • Encrypted passwords
  • Firewalls and intrusion detection
  • Secure cloud infrastructure
  • Role-based access controls
  • Regular security audits

6. Special Handling of Children’s Data Breaches

If a child’s data is affected:

  • Parents/guardians are notified immediately
  • Additional safeguards are applied
  • A special rapid-assessment review is conducted

7. Review and Updates

This policy is reviewed annually or after any major breach.

8. Contact

Fastlearners Limited

Email: cyril.james@fastlearnersapp.com

Address: Fastlearners Limited Head Office