Go to page content

Take control of your personal data with Rightly and JMW

Discover what companies know about you. Manage your information for free today.

Gather evidence for a stronger appeal

Request your data to challenge fines, use in tribunals and more

Get your credit files for free

Find out what lenders use to make financial decisions about you

Protect yourself after a data breach

Find out what data you lost and ensure it doesn't get breached again

I’ve suffered a data breach: what should I do now?

Many of us have experienced that sinking feeling of reading that a company we often use has suffered a data breach. The knowledge that our personal information has likely been lost, misused or otherwise compromised. Unfortunately, data breaches are becoming increasingly common, particularly because organisations process so much personal data on a daily basis. This trend is only set to accelerate as technology develops. 

In the period to April 2020, statistics from the Information Commissioner’s Office showed that during the final three months of that year alone, 2629 data breaches were reported to it.  The breaches involved data held by organisations ranging from the charity and finance sectors through to healthcare. Many companies don’t self-report data breaches to avoid fines, making these reported figures likely to be just the tip of the iceberg.

We often have little choice but to trust that organisations will look after our personal data properly.  We rely on them to safeguard the information against unauthorised activity. But, what happens when things go wrong? 

What steps should you consider taking in the event of a personal data breach?

Check and secure your personal accounts

Fortunately, advances in technology also mean that additional security measures such as “two step authentication” are increasingly available.  

  • Check your security settings to protect against any untoward activity should your personal data be exposed.  
  • Consider changing your passwords and login information for key accounts, such as email, and consider contacting your bank to make them aware that you have potentially been the victim of a data breach. They can make a note on your account and potentially monitor it for any suspicious activity. This is obviously particularly important in the event of a data breach relating to your financial information, but the disclosure of other information can also create a security risk in terms of identity fraud. 
  • You should monitor your accounts for any suspicious activity and consider whether or not to take out an ID fraud prevention package.   

Make a report to the ICO

The ICO is in a position to request key information from the organisation which was responsible for looking after your information. If it transpires that the organisation has failed to meet legal or regulatory requirements, the ICO can take action against them, including performing an audit of their data protection policies and practices, telling them to implement certain corrective measures, and/or imposing a fine. The organisation may have reported the data breach to the ICO itself.

If the organisation is failing to provide you with key information regarding the data breach, the ICO may be able to help you. 

Make a Data Subject Access Request

You may find that the organisation responsible for the data breach is communicating with you sensibly and constructively. However, if they are not, UK data protection law provides individuals with the right to request information about the personal data which organisations hold about them and how it is being used.

If you think that you have been the victim of a data breach, you can make a request to the organisation responsible for your personal data and ask them to confirm what personal data they hold about you and who your personal data has been shared with. Subject access requests can also be used to obtain information about data breaches.  The response may enable you to work out what steps you might need to take to protect your position. 

Seek compensation

If your legal rights under UK data protection law have been breached, you may be entitled to seek compensation from the person / organisation responsible. UK data protection and privacy law enables a person to seek compensation for “distress”, financial loss, and loss of their right to control their information which has been caused by the infringement of their legal rights.

Other legal remedies can be available too.  You should seek legal advice if you think that you have been affected by a data breach and want to make a claim. Time limits apply to legal claims and it is therefore important to act quickly.

Every data breach case is different. However, considering the above steps will help you to protect yourself and deal with a data breach.  

At Rightly, we’re helping clients of JMW Solicitors LLP have better control of their data. 

JMW Solicitors LLP advise individuals and businesses regarding their data rights and obligations. If you require advice, you can contact one of JMW’s team on 0345 872 6666 or rightly@jmw.co.uk. 

Related Blog Articles

How they get away with it: nuances in GDPR

There are a few grey areas, or ‘nuances’ within GDPR that can, and have, been used to get away with some pretty questionable things. Let's take a look at the main ones.