Data Breach FAQs – Frequently Asked Questions

Welcome to our data breach frequently asked questions page. Here you can find the answers to some questions we often get asked about pursuing a GDPR breach claim, as well as more general questions about the claims process. data breach faqs

If you have any more queries or would like to proceed with a claim, you can get in touch with our advisers any time of day or night, 7 days a week, via the following methods:

What constitutes a breach of data protection?

A breach of data protection is defined as the deliberate or accidental loss, alteration, destruction, unauthorised disclosure of or access to personal data. Examples include information that is exposed during a cyberattack, sending personal data to the wrong recipient, failing to encrypt devices that are subsequently stolen, and accidentally deleting data.

What are my rights if my data has been breached?

If your data has been breached and you have suffered financial or mental harm as a result, you have the right to pursue a claim for compensation under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

What do I report to the ICO?

If your data has been breached, the Information Commissioner’s Office (ICO) recommends that you first complain to the responsible company. If they ignore you or remain silent for around 3 months, you can then get in touch with the ICO and ask them to investigate. Include as much information possible on the breach, such as the date of the exposure, the type of information affected, and the impact it has had on you.

Who is liable for a data breach?

Depending on who is responsible for the data breach, the liable party could either be the data controller (the organisation that sets out to obtain your data), or the data processor (the organisation instructed by the controller to process your data on their behalf). It can be difficult to identify who is at fault, so seeking legal advice will be very useful.

Who do I complain to about a data breach?

In the first instance, the ICO recommends complaining to the organisation responsible for the data breach. Usually, there will be a Data Protection Officer within the firm that handles all complaints relating to GDPR. A complaint should be directed at them. If you get no response within 3 months, you can escalate the complaint to the ICO.

What can I do if my personal data has been breached?

In the first instance, you can seek clarification as to what data has been exposed. This should be confirmed by the organisation at fault for the breach. You can complain to them and ask for compensation. However, you could also seek legal help from a data breach solicitor, or ask the ICO to investigate the case.

Can I sue for breach of GDPR?

Provided you have suffered mental or financial damage as a result of a data breach, you could sue the organisation responsible. If you’re at all unsure, please get in touch with our team.

You can check out more of our guides below: