What Should A Company Do After A Data Breach They Suffer Affects You?

What should a company do after a data breach that causes you harm? If you’ve been harmed by a personal data breach, you may be wondering what steps the company responsible should take and what steps you could take in order to make a claim.


You may also have queries, such as: 

  • How do I report a data protection breach?
  • Can I claim through data breach solicitors on a No Win No Fee basis?
  • How much compensation could I receive for a successful data breach claim? 

We will aim to answer all of those questions while also providing key information on how long you have to make your claim as well as the steps you can take to strengthen your case. 

If you would like to know more about making a personal data breach claim, or if you have questions that this guide cannot answer, our advisors can help. They can give you free legal advice, and they can also help you identify whether you have a valid claim.

To learn more, you can get in touch with one of our advisors by:

Choose A Section

  1. A Guide On What A Company Should Do After A Data Breach
  2. What Should A Company Do After A Data Breach?
  3. When Could You Make A Data Protection Breach Claim?
  4. Potential Evidence When Seeking A Data Breach Payout
  5. How Much Compensation For A Data Breach?
  6. Why Use Data Breach Solicitors On A No Win No Fee Basis?
  7. Learn More About What A Company Should Do After A Data Breach

A Guide On What A Company Should Do After A Data Breach

A data breach is often described as a security incident in which the integrity, availability, or confidentiality of your personal data is compromised. Personal data is any information that can be used to identify a person, such as your name or address.

Not all breaches of personal data may lead to a claim. Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), there must be wrongful conduct by the data controller or the data processor.

This must have also led to you experiencing harm either emotionally or through your finances, which will be explored in greater depth later in this guide. 

A data controller establishes why and how they intend to use your personal data. The data processor then follows their instructions to process it.

Please contact our team with any further questions about what a company should do after a data breach.

What Should A Company Do After A Data Breach?

The Information Commissioner’s Office (ICO) is an independent organisation that is based in the UK and enforces the legislation mentioned above. Any company that suffers a data breach that could affect your rights or your freedoms must report this breach to the ICO within 72 hours. Also, they must alert you without undue delay.

You can make a complaint directly to the organisation responsible for the breach. They could provide further information, such as what information was affected or how the breach occurred.

If you do not receive a satisfactory response within 3 months, you can contact the ICO and request that they investigate the issue. The ICO does not offer compensation. However, they can investigate the breach and may fine the organisation if they are found to have engaged in wrongful conduct.

If you are still wondering what a company should do after a data breach, do not hesitate to contact a member of our team.

When Could You Make A Data Protection Breach Claim?

As previously touched on, you must have suffered mental or financial harm due to wrongful conduct by the data controller or processor to be eligible to claim. 

Some examples of wrongful conduct that could lead to a personal data breach claim include: 

  • A website data breach that occurs when a file containing personal data is accidentally uploaded to a live website, allowing unauthorised access
  • An online shopping company falls victim to a cyberattack due to a lack of adequate cybersecurity measures in place. As a result, your bank details are stolen, which impacts your credit score
  • Your employer may share personal information from your records, such as medical conditions or your trade union membership status, over the phone without conducting the appropriate security checks.

If you have been in a situation like the examples provided above and would like to know whether you can claim, speak with our advisors. Or, read on for more information on what a company should do if it suffers a data breach that affects you.

Potential Evidence When Seeking A Data Breach Payout

As previously stated, to make a successful data breach claim, you must be able to prove that there has been wrongful conduct on the part of the data controller or processor, which has led to you sustaining mental or financial harm.

A good way to do this is to gather evidence. This can be done in the following ways: 

  • Medical records – Records or notes that document the mental harm you have suffered can be used to help strengthen your claim.
  • Correspondence with data controller or processor – Keep a record of all communications, including any letters you receive notifying you of the breach.
  • Financial records – Keep proof of any monetary losses sustained due to the breach. This can be done via receipts, invoices, credit score ratings or bank statements. 

Our advisors can provide you with more information in terms of the evidence you can acquire to strengthen your claim.

How Much Compensation For A Data Breach?

The data breach compensation you could receive for a successful claim could be made up of two heads. These are called non-material and material damage. 

Non-material damage seeks to compensate you for the psychological impact you endure due to the breach. For example, you may suffer increased distress, anxiety or depression after a data breach.

We have put together a table using figures that relate to non-material damage from the Judicial College Guidelines (JCG), a document legal professionals use to assist them when valuing claims. However, it must be stated that these compensation amounts are not guaranteed. Each data breach claim is unique, and your settlement could differ. 

| Injury | Severity | Compensation Bracket | Details |
|---|---|---|---|
| Mental harm | Severe | £54,830 to £115,730 | There is difficulty dealing with everyday life normalities after an unsuccessful treatment, causing a significantly negative prognosis. |
| Mental harm | Moderately Severe | £19,070 to £54,830 | There are serious problems coping with everyday life, such as employment, though the prognosis is better than the above. |
| Mental harm | Moderate | £5,860 to £19,070 | Despite a better prognosis, difficulties coping with everyday life remain. |
| Mental harm | Less Severe | £1,540 to £5,860 | The payout for this bracket is based on the impact on lifestyle as well as how long it takes to recover. |
| Anxiety disorder | Severe | £59,860 to £100,670 | Includes permanent symptoms that prevent the injured party from partaking in everyday life tasks or functioning at anything close to pre-trauma level. |
| Anxiety disorder | Moderately Severe | £23,150 to £59,860 | A better prognosis will be achieved by seeking medical help. |
| Anxiety disorder | Moderate | £8,180 to £23,150 | Despite the injured person nearly fully recovering, there will still be some non-disabling symptoms that remain. |
| Anxiety disorder | Less Severe | £3,950 to £8,180 | The injured person has almost fully recovered within a timeframe of 1-2 years, with only minor symptoms that remain. |

Material Damage In A Data Protection Breach Claim

Additionally, you may receive compensation for material damage, which covers any financial harm you suffer as a result of the data breach. For instance, a tax information data breach may expose your bank details. Subsequently, money is taken from your account, leaving you in debt and arrears.

For more information on how much compensation you could receive, contact an advisor today. 

Why Use Data Breach Solicitors On A No Win No Fee Basis?

You may wish to seek data breach compensation on a No Win No Fee basis. Our data breach solicitors can use their vast experience to cover all bases of your breach of data protection claim. This could considerably decrease how daunting the claims process could seem.

Generally, they work under a Conditional Fee Agreement (CFA), which is a type of No Win No Fee arrangement. This usually means that you will not be required to pay any legal fees to your solicitor upfront or while your claim is ongoing.

Your solicitor will only require a fee for their services if your case is successful. If your claim is successful, a legally capped success fee will be deducted from the compensation you are awarded and paid to your data breach claim solicitor. But, if it does not succeed, you do not pay this fee.

Find out whether you qualify to be represented on a No Win No Fee basis by getting in touch with a member of our team. 

Contact Us For Free To See If You Could Receive Data Breach Compensation

Our advisors are here to help you 24 hours a day, 7 days a week. If you would like a free consultation, all you need to do is get in touch. 

If you have an eligible claim, they could connect you with one of our expert data breach solicitors. They can also offer free legal advice and more help.

You can contact our advisors by: 

Learn More About What A Company Should Do After A Data Breach

We have also included additional guides that might be of benefit: 

You could get more information by reading our other guides:

Thank you for reading our data breach guide. Get in touch if you are still wondering what a company should do after a data breach.

Writer Beck Partner

Publisher Cat Heart