What To Do After A Data Breach

By Stephen Anderson. Last Updated 20th October 2023. Welcome to our guide on how to deal with a data breach. If your personal information was compromised, then you may have suffered psychological harm or monetary losses. If so, you may be entitled to compensation.

This article informs you about the processes involved in making a claim and other relevant information on the topic. We’ll look at issues such as how much compensation you could receive and how long you have to make a claim.

If you have any questions about data breach claims then get in touch with us today. Our advisors can answer any questions you have, and may even be able to connect you with an expert solicitor if we believe you have a legitimate claim. What’s more, they’re available 24/7 and give no-obligation free legal advice. 

Read on for more information. You’ll also find our contact information just below.

  • Phone us on 0800 408 7825
  • You can also contact us through our website
  • Or, use the pop-up chat box in the corner 
what to do after a data breach

A guide on how to deal with a data breach

Select A Section

  1. Check What Data Has Been Affected 
  2. Watch Out For Suspicious Messages
  3. Report The Data Breach
  4. Could I Make A Data Breach Claim?
  5. Potential Compensation Payouts For A Data Breach
  6. Make A No Win No Fee Claim For Data Breach Compensation
  7. Learn More About What To Do After A Data Breach

Check What Data Has Been Affected   

When working out how to deal with a data breach, it’s important to know which information of yours has been compromised. Different data breaches may have different effects on your finances and your mental well-being. Also, different measures can be taken to reduce the chances of another breach occurring in the future.

For example, someone could have accessed a device containing sensitive information like your bank account details. A possible contributing factor to this could be that the device was not password-protected. To reduce the risk of this happening in future, it can be a helpful exercise to make sure your devices have the necessary security.

To illustrate further, your details may have been stored by an organisation or authority such as the council. Those who have access to your data in an authorised manner are known as data controllers or data processors. Data controllers decide how and why your personal information needs to be processed. For example, the council needs your address in order to ensure you pay council tax. 

Data processors are organisations that are sometimes used to process personal data on the controller’s behalf.

A personal data breach occurs when your personal information is, without authorisation or unlawfully:

  • Accessed
  • Destroyed
  • Altered
  • Lost
  • Disclosed

If the data controller or processor, through positive wrongful conduct, causes your personal information to be compromised, and it leads to your financial loss or mental harm, you could claim.

Additionally, knowing what personal data of yours has been breached could help you to know which data controller or processor to contact if they aren’t already aware of the breach. 

Check For A Data Breach Notification Letter Or Email

The organisation involved in the data breach would usually contact you about it. They should inform you if your personal data was involved in a breach if it risks your rights and freedoms. They should advise you what kinds of data might have been breached (such as bank details or your address).

Watch Out For Suspicious Messages

Certain unusual correspondences can be a sign of someone having access to your data who shouldn’t. For example, a company that has never contacted you before may suddenly ask for your debit or credit card details.

These messages can come in various forms such as text messages or emails. You may also be contacted over the phone and asked for certain personal information if your phone number has been leaked.

If you are suspicious, it’s advised not to give them any information before you can confirm that they have no ill intent. Deceivingly realistic-looking letters can also arrive by post.

The act of impersonating an official or trustworthy body in order to trick people into handing over their personal information is known as “phishing”.

Reporting Suspicious Messages

Whilst it can be difficult to know who to report certain data breach claims to, you can report suspicious activity such as phishing emails through the government.

You can text 7726 for free to report suspicious phone calls or text messages too.

Additionally, if a scammer is assuming the identity of a well-known organisation, you can contact the organisation directly through a trusted channel to verify the correspondence, and report the messages you have already received.

Report The Data Breach

Whilst the data controller or processor should inform you if they have been responsible for a data breach, they may be unaware, or fail to do so for other reasons. If so, you should get in touch with them and tell them.

If the organisation responsible is not replying in any significant way, you could contact the Information Commissioner’s Office (ICO). The ICO is a public body that enforces data protection legislation in the UK. You should make a complaint to them within three months of the last meaningful contact with the organisation if they’re providing an unsatisfactory response.

The ICO could investigate the issue, and issue any relevant financial penalties for any data breaches under the UK General Data Protection Regulation (UK GDPR).

Any other relevant bodies should also be notified, such as your bank if your finances have been affected.

Could I Make A Data Breach Claim?

Data controllers and data processors need to follow certain procedures on how they collect, process and safeguard personal data. These rules can be found in the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR), as together, these make up data protection laws. If they fail to comply with data protection laws, this could result in a data breach.

You may be eligible to start a personal data breach claim if the following applies:

  • The data breach was caused by a data controller or processor’s actions or inactions.
  • Your personal data must have been compromised in the breach.
  • As a result of your personal data being breached, you suffered financial loss or mental harm.

To see whether you may have a valid case or for more advice on what to do after a data breach, you can contact our advisory team today.

Limitation Periods To Start A Data Breach Claim

Knowing how long you have to start a claim is part of knowing how to deal with a personal data breach. For claims against a private company, you may have 6 years to start a claim for compensation. However, for personal data breach claims against a public body, this time limit could be just 1 year. Examples of public bodies would include the NHS or the police forces.

How Long Can Data Breach Claims Take?

This can be a difficult question to answer, as every claim has its own unique circumstances. Some cases may be quite simple, whilst others more complex. Due to this, the length of time it takes to make a data breach claim can vary.

We would be able to offer you more accurate guidance on this once we know more about your potential claim. However, a definite timeframe cannot necessarily be pinned down. This is especially true during the very early stages of a claim.

Potential Compensation Payouts For A Data Breach

The value of data breach claims can vary depending on the amount of harm done to the victim. For the impact on the individual’s mental health (such as worsening symptoms of post-traumatic stress disorder, also known as PTSD), an amount known as non-material damage is awarded. You can claim for non-material damages whether you’ve suffered financial loss as a consequence of the data breach or not. 

Compensation for non-material damages can be calculated with the help of a publication called the Judicial College Guidelines (JCG). This is the publication that’s also used in personal injury claims, which differ from data breach claims. 

We’ve included some example entries from the JCG in the table below. The figures listed are based on past cases, but receiving this amount is not a guarantee. For a free estimate of what you could claim, why not call us?

Injury Awarded For Description
General psychiatric damage (a) Severe – many areas of the victim’s life will have been affected £54,830 to £115,730
General psychiatric damage (b) Moderately severe – issues will have been more severe, but there is cause for optimism in regards to the prognosis £19,070 to £54,830
General psychiatric damage (c) Moderate – there will have been improvements with a good prognosis £5,860 to £19,070
General psychiatric damage (d) Less severe – some minor symptoms such as disruption of sleep £1,540 to £5,860
PTSD (a) Severe – disturbance to numerous areas of the victim’s life £59,860 to £100,670
PTSD (b) Moderately severe – whilst symptoms may have been worse, a good recovery is more likely to be on the horizon £23,150 to £59,860
PTSD (d) Less severe – an almost complete recovery within 2 years £3,950 to £8,180

You could also be awarded a sum called material damage. This is only relevant if you have suffered a financial loss due to the data breach. For example, if you have experienced mental harm and needed some time off work, you may have experienced a loss of earnings.

You’d need to prove these losses with documents such as payslips or invoices.

Get in touch if you want to know more about how compensation for data breach claims can be calculated.

Make A No Win No Fee Claim For Data Breach Compensation

If you’re looking to enlist the services of a legal professional but are worried about the finances required, we may be able to help. All of the solicitors on our panel work on a No Win No Fee basis.

This arrangement is as simple as it sounds. If your No Win No Fee lawyer fails to help you win your case, you aren’t required to pay them their fee. You only have to pay it if you are awarded a settlement.

If you receive a settlement, their fee is covered by a small percentage taken from this compensation.

Under a No Win No Fee agreement, you also wouldn’t need to pay any ongoing or upfront solicitor fees.

Get in touch today and we can tell you whether or not you could make a No Win No Fee claim.

  • Phone us on 0800 408 7825
  • You can also contact us through our website
  • Or, use the pop-up chat box in the corner  

Learn More About What To Do After A Data Breach

Here are some extra links so you can read more on this subject.

If you’d like any more information on how to deal with a data breach, why not get in touch today?