Guides & articles My Data Has Been Breached, What Do I Do Next?

Peter Hammond I am a solicitor who has specialised in data breach compensation claims.
my data has been breached, what do I do next?

Whether your privacy has been violated through a criminal cyber attack or by an entrusted organisation, you have the full right to get compensation under the law.

The more technology advances and cybercrime increases, the stricter data protection regulation becomes. In 2018, the DPA was introduced in the UK to complement the GDPR’s work. Both serve to protect people’s cyber privacy every day. 

Data Breach Claim is established to help you compensate for any data breach act that has affected you. In this article, we’ll address all the questions that may come to your mind after you’ve been subject to a data breach.

Data Breach Claim — When Am I Entitled to Compensation?

You have the right to legally claim financial compensation for any intentional or unintentional action taken that involves using your personal data. According to the GDPR and DPA, whether your data has been maliciously or accidentally misused, disclosed, altered, or hacked, you are entitled to compensation.

All of the following incidents are considered data breaches:

  • Identity theft or fraudulent use of data
  • Health/Medical Care data leakage
  • Unauthorised access to private data on a lost or stolen device
  • Unauthorised selling or mistakenly sending your data to a third party
  • Loss of data by the entrusted organisation
  • IT security system breach of the organisation that holds your data
  • Financial data disclosure to a third party
  • Unauthorised login or disclosure of login information

I Had an Insignificant Data Breach. Is a Compensation Claim Still Valid?

Don’t belittle any violation of privacy, no matter how insignificant it may seem. You’d be surprised how many people dismiss such acts, only to endure harsh consequences in the future. Not protecting the security of your data now may result in unethical behaviours, like compromise or defamation.

There are certain types of data that are categorised as special data under data protection regulation. These personal data are sensitive; here’s a brief list of them.

  • Genetic data
  • Physical or mental health records
  • Race or ethnic background
  • Political affiliation
  • Religious or philosophical beliefs
  • Criminal records
  • Biometric data (Face/iris/voice/fingerprint recognition)
  • Trade union memberships

Is It Too Late to Make a Data Breach Compensation Claim?

In the UK, unless you’re filing your claim within six years since the data breach had happened, it’s not too late. It’s always advisable to make your claim as soon as possible, though.

I/My Loved Ones Have Suffered Emotionally/Mentally. Is It Still Possible to Get Compensation?

Absolutely! You’re eligible to file for a data breach compensation for any inconvenience caused, even if you’ve only gone through emotional distress. Being a victim of such an incident takes a toll on you and your loved ones. With our help, rest assured that you can get compensation for both material (e.g. economic loss) and non-material damage.

Data Breach Claim offers top-notch service with a team who’s confident of winning you compensation, even for non-material damage. We first evaluate your case and give you feedback on whether we think it’s a compensation winner. Then, our legal team works to refer you to a data breach solicitor that’ll get your compensation.

Does a Data Breach Compensation Entail Going to Court?

The first step, which saves cost and time, is to settle compensation with the organisation outside court. With a proven data breach, an organisation usually saves its reputation and litigation expenses by settling payment with the afflicted party. 

However, this may not always be the case, and this is when we extend to you our expert hand to guide you and recommend to you the best specialists who can aid you.


What’s the First Thing I Should Do After a Data Breach?

Your initial action should be to protect the rest of your data to ensure no further data breach is made. The next step should be looking into how your data has been breached, then seeking help on your case for compensation.

Here are detailed steps you should take once you’re aware of the data breach.

  1. Change all of your login information. Check your passwords/codes’ strength and activate multi-factor authentication options, such as verification codes or security questions.
  2. Keep a record of any notifications you receive concerning a data breach and any correspondences made concerning that matter.
  3. Find out exact details on what type of data has been breached and how.
  4. Direct contact with the offender: It’s always advisable that you initiate making a compensation claim by attempting to sort it out with the offender organisation
  5. Under no circumstances should you agree to sign any papers that urge you to forgo your rights as victims of the data breach.

My Data Has Been Breached. How Can I Make a Claim?

There are some steps you can take to make a claim after you’ve been subject to a data breach. Check them out here.

Contact the ICO

If you fail to reach an agreement with your offender, it’s best that you first correspond with the ICO to make sure your case follows UK’s data protection regulation in compliance with the GDPR and DPA. 

What Does the ICO Do?

The ICO is the Information Commissioner’s Office, a UK independent body of authority designated for protecting privacy rights and the implementation of data protection regulation. 

The ICO offers filing complaints about data breaches by individuals and organisations. Your case is then assessed, and they get back to you with their judgement on whether a real violation of data protection regulation has been made or not.

The ICO investigates your claim and gives you credible evidence to present to the offender organisation for a compensation settlement. Their feedback on your case also poses as an official statement of the data breach to the court. This solidifies your compensation claim. 

When filing a complaint to the ICO, according to the GDPR, you must submit the following:

  1. Details on the nature of the data breach:
  2. The name and contact information of the reported organisation (or their Data Protection Officer, if present) for further investigation
  3. A statement of the possible consequences of the data breach for the affected parties
  4. Details on what actions have been taken on your part, or the proper steps you would like the ICO to take concerning your data breach case. Plus, any required actions implemented to alleviate any possible threats or detrimental consequences.

Please note that it’s in the ICO’s ability to charge the offender organisation with a fine for the violation. Still, they don’t have the authority to provide you with legal advice or compensation.

Moreover, the ICO has the right to receive a commission to investigate your case upon your compensation receipt.

Contact Data Breach Claims

We have confidence the team of specialists we introduce you to will do their best to guide you to win your data breach compensation claim. We seek to make our clients reap maximum gains from their material and non-material losses by referring them to the right kind of competent help.

Taking action yourself by directly contacting the organisation to settle a compensation may not be the best idea. Individual claims may end up disregarded altogether. Even worse, you may fall into dispute with them or receive a negligible settlement compensation.

You must hold onto any documents pertinent to your data breach, and any communication made with the notifier organisation. Also, look for any suspicious behaviour on your accounts, like phishing emails or threats. Any piece of information related to your data breach can make a significant difference for our references in winning your case.

How Much Compensation Will I Get for a Data Breach?

Every data breach case is different from the other regarding the specifics concerning the circumstances of the breach and how much damage has occurred. 

This depends on factors such as:

  • Nature of breached data, whether sensitive or not
  • Nature of damage to the victim, material or non-material
  • Length of time data was breached
  • Number of times data was breached
  • Number of people who violated the data


Is There Anything Else I Should Do Besides File a Claim?

Yes, there are other essential aspects you should put into consideration besides making a compensation claim.For one, you’re liable for ensuring that the data breach details reported to or discovered by you are accurate and true.

Additionally, there may be other organisations that should be informed about the breach as soon as you’ve confirmed it. Some noteworthy examples include the police, National Cyber Security Centre (NCSC), and credit card issuers.

Lastly, take preventative measures to make sure such an incident doesn’t happen again.

How Will You Help Me With My Compensation Claim?

Our main aim is to help you fight for your right to receive compensation for a breach to your private information. To most people, going through such a process is something they’re not ready for, and they may even abstain from going through with this altogether. This is where you leave it to us.

We’ll put you in touch with experts who will assess your case and get back to you with feedback on whether they think your case qualifies for compensation. The advisors will direct you on what to do next and help to look into your case. Any further communication with the offending organisation will be made through our professional bodies.

The Verdict

Breaching people’s privacy always comes with a cost; some people suffer emotional damage and many others who suffer economic loss. Nothing that violates people’s rights goes dismissed under the law.

Remember that breaching your data is liable for compensation, and you have the right to fight for it. With Data Breach Claims, your data breach case is in the best hands.

0333 444 0325
Lines open 9am - 5pm Mon to Fri

Egerton House, 2 Tower Road, G5D, Birkenhead CH41 1FN

Start My Claim

© DataBreach Claims . DataBreach Claims 2021. Data Breach Claims is a trading name of Lead Pronto who is an appointed representative of Blain Boland & Thomas Limited registered in England No. 06535300 which is a Firm of Solicitors authorised and regulated by the Solicitors Regulation Authroity. SRA No. 485860. This website is operating in accordance to the privacy policy. ICO reg no. ZA473694. Data Breach Claims connects clients to regulated solicitors who deal with data breaches. We do not perform any legal services but simply connect you to a legal representative.

Check free if you're owed an average £4,000 refund

Start My FREE Data Breach Claim 100% Safe & secure, no win no fee check