By Max Morris. Last Updated 20th June 2022. This guide looks at the question, how long do you have to report a data breach? We will also look at how long a company has to report a data breach. Moreover, we will explain how to claim compensation for a personal data breach.
It’s normal for organisations to collect personal data from employees, clients and other stakeholders. Organisations that decide why and how personal information is collected are known as data controllers.
The organisation may be a private company, a public body, or another type of organisation. However, they must abide by data security legislation. There are two main pieces of legislation in the UK that look to protect personal data. These are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, which state that data controllers must secure and protect the personal data they collect from data subjects. So, what happens if a breach of personal data takes place? Could the data subject be eligible to make a data breach claim for compensation?
Public Interest Lawyers could help get your breach of personal data claim started. The solicitors on our panel all offer a No Win No Fee service. To begin your claim, please call our helpline today on 0800 408 7825. Alternatively, please send us a message via our contact form, and we will get back to you right away.
Select A Section
- Where Should Data Breaches Be Reported?
- What Types Of Data Protection Breaches Could You Claim For?
- How Do You Report A Breach Of Data Protection?
- How Long Do You Have To Report A Data Breach And Make A Claim?
- Data Breach Compensation Claim Calculator For 2022
- Contact Us About Questions On How Long Do You Have To Report A Data Breach
Before explaining how long you have to report a data breach, let’s define a data breach.
Data breaches are security incidents that compromise the protection of personal data. A data breach can happen at a private company or any other organisation that processes personal data.
A personal data breach could be the destruction, loss, alteration or unauthorised disclosure of personal information due to a security incident. It could also be a case where unauthorised individuals gain access to personal data.
The reason for a data breach is often human error. However, sometimes data breaches happen because of malicious actors. For example, criminals may carry out a malware attack on a company to access personal information such as bank details.
In some cases, the data breach victims will experience emotional distress. Certain individuals may also experience mental health problems, such as depression, anxiety or acute stress. Data breaches can also be costly to the victim, as fraudsters may use their breached data to defraud them of money or assets.
How do you report a data protection breach in the UK? If you discover a data breach, please report the data breach to the organisation’s data protection officer. The data protection officer will investigate the breach. And hopefully, the organisation can resolve the matter internally. However, if you are not satisfied with the organisation’s response to the complaint, you can report a breach in the UK to the Information Commissioner’s Office.
How can a personal data breach happen? A data breach can happen because of wrongful disclosure of or access to data. For example, a receptionist may leave a document where a member of the public can view it. Therefore, the public would have access to the private information on the documents. Here are some other examples of how a data breach can happen:
- An email is sent to the wrong email address, sharing personal information without permission.
- A charity sends a mass email and fails to use the Bcc field. Therefore, the email addresses are shared amongst the recipients.
- An employee loses their work device, which contains confidential documents.
- An HR employee leaves their computer screen unlocked so other people have access to the confidential data on the screen.
- Criminals could hack into a company’s database to steal personal data. After that, the criminals may use the data for ransom or fraudulent purposes.
Have you been harmed because of a breach of your personal data? Then you may be eligible to claim compensation. Please contact Public Interest Lawyers today to speak to an advisor.
How do you report a data protection breach? If an organisation breaches your data in the UK, they should report it to the ICO. However, not all data breaches need to be reported to the ICO, only ones that affect the rights and freedoms of a data subject.
How long do businesses have to report a data breach? Businesses and organisations should report data breaches to the ICO within 72 hours. Moreover, the organisation should send you a GDPR data breach notification without undue delay.
However, if you have discovered a data breach yourself, you could, according to the ICO, raise your concerns with the organisation. Hopefully, the data protection officer will resolve the matter internally. However, if you are not satisfied with their efforts, you can report the data breach to the ICO. The Information Commissioner’s Office is a public body that enforces the UK data protection laws. The ICO can investigate and fine organisations that do not adhere to data protection legislation.
However, the ICO cannot award data breach victims compensation. So if you want to find out if you can make a data breach claim for compensation, call our expert advisors. They will listen to your case and advise if you have a valid claim. They can even offer to connect you with a data breach solicitor who offers a No Win No Fee service.
How long do you have to report a data breach to the ICO? If you want to report your data breach to the ICO for them to investigate, leave it no longer than 3 months since your last communication with the organisation you hold responsible for the data breach.
Now, let’s answer the question, how long do you have to report a data breach? The answer depends on who is reporting the data breach to the ICO.
If an organisation discovers that the personal data they hold on you has been breached and this is going to affect your rights and freedoms, it must report the data breach to the ICO within 72 hours.
The data controller/organisation should inform you, the data subject, of the breach without undue delay if your rights have been affected.
What should you do if you believe an organisation has breached your data? You could report a breach to the data protection officer as soon as possible. What happens if the organisation does not resolve the matter internally? As we have mentioned, you can report the data breach to the ICO, who may investigate the matter.
However, if you want to make a claim for a personal data breach, we would always advise getting legal help. These cases can be complicated, and it can be more than useful to have a solicitor supporting your case.
There is a time limit within which your claim must be started. In general, if a public body has breached your data, then you have one year to begin your claim. However, there is a 6-year time limit to make all other data breach claims. Our advisors can help you determine which category your data breach falls into.
Call our expert advisors today for free legal advice without obligation. For all cases that they can see may succeed, they will connect you with our panel of data breach solicitors.
Now we’ve clarified the time frame for reporting a breach of security, this section will explain what you could receive as compensation. There are two types of compensation you may be able to receive as part of a data breach claim:
- Material damages – This relates to any losses you’ve suffered financially because of the data breach. For instance, your financial details could be stolen, resulting in you suffering from monetary losses.
- Non-material damages – This relates to any psychological injuries that you’ve suffered because of the breach. As such, this can include PTSD, anxiety and depression.
Due to the ruling of Google Inc vs Vidal-Hall and Others, you no longer need to suffer material damages from a data breach to claim for non-material damages. Furthermore, because of the ruling regarding Gulati and Others vs MGN Limited, when claiming for psychological damages from a data breach, they are now assessed in the same way as they are in personal injury claims.
The Judicial College Guidelines can give you a greater understanding of what you could receive for non-material damages. Please see the table below. The figures have been taken from the latest guidelines, published in 2022.
|Nature of The Injury|Level|Damages|Comments|
|---|---|---|---|
|Psychiatric Injuries|Severe|£54,830 to £115,730|The effects may be permanent and there will be little chance of the person making a recovery. Similarly to the most severe category above, the effects will extend through all parts of this person's life.|
|Psychiatric Injuries|Moderately Severe|£19,070 to £54,830|Difficulties could extend through all parts of this person's daily life such as work and relationships. There is a greater scope for recovery than the person above.|
|Psychiatric Injuries|Moderate|£5,860 to £19,070|By the time of a trial, there will have been a marked improvement and there will also be a good prognosis.|
|Post Traumatic Stress Disorder (PTSD)|Severe|£59,860 to £100,670|The effects of post traumatic stress disorder will be permanent. These could extend through all parts of this person's life from relationships to education and work.|
|Post Traumatic Stress Disorder (PTSD)|Moderately Severe|£23,150 to £59,860|Whilst this victim could be affected in a similar way and some serious problems will persist, there may be a more positive outlook for recovery.|
|Post Traumatic Stress Disorder (PTSD)|Moderate|£8,180 to £23,150|The victim should have made or will make a good degree of recovery. If there are any lasting effects these will not be considered 'grossly disabling'.|
Please remember that these figures are not guaranteed. If you have further questions about topics such as how long you have to report a data breach or if you would like a compensation estimate, please contact us for free using the details above.
We appreciate you taking the time to read this data breach claims guide. We hope we have answered the question, “How long do you have to report a data breach?” accurately.
Or use our contact form.
You will have a choice to sign a Conditional Fee Agreement. Both parties will agree that you will only be charged a success fee if you win your claim. Therefore, your solicitor will be taking the financial risk, not you.
Please get in touch with us to make your data breach claim. Or you can speak to us right now, using the Live Support widget.
If you would like to learn more about making a data breach claim, please contact us today.
Thank you for reading our guide to how long do you have to report a data breach.