I have suffered a Data Breach: Do I have any rights?

If it has come to your attention that an organisation or a company has lost, misused or shared your personal information without your knowledge or consent, there are steps you can take to protect yourself and, in some cases, claim compensation.

The organisation must inform you of the data breach

All organisations that process personal data are required to comply with data protection legislation. The Data Protection Laws (Data Protection Act 1998, and the EU General Data Protection Regulation). The Data Protection Laws give rights to individuals over their personal data and give obligations to organisations who process data.

If an organisation has lost your personal data as a result of a data breach, it must inform you without delay. The organisation must inform you about the severity of the breach, the consequences suffered, measures already taken, and action to be taken to deal with the data breach. It should also provide you with contact information of its data protection officer if you’d like to request more details.

Inform your bank and change passwords

If the breach involved financial information, credit card details or bank information, contact your bank and inform them that you have fallen a victim of a data breach. If any of your online accounts have been compromised, remove any card details and change your username and passwords.

You have rights

Under the Data Protection Act 2018, you have the right to ask:

    • What information organisations have stored about you
    • How your data is being used
    • If they have incorrect data updated
    • If they have data erased
    • Stop the processing of your data
    • Object to how your data is processed

Make a complaint

If your data was breached and has caused you emotional distress or financial loss, make a complaint to the organisation that has lost your data. Outline the damages you have suffered and ask for how they will compensate you. Make a complaint to the Information Commissioner’s Office (ICO), they will be able to investigate your claim and their opinion can be influential in make a claim against the organisation. 

Take a legal action against the organisation

Appoint an experienced solicitor to file an action in court against the company that breached your data. You might be entitled to a compensation. A solicitor will advice you on your case, guide you on the steps that need to be taken and help you start a claim.