A Guide Looking At How Long Do You Have To Report A Data Breach

If you have suffered harm due to a breach of personal data, you might be wondering,  ”How long do I have to report a data breach?”. In this guide, we’ll explore how long you have to report a breach to the Information Commissioner’s Office (ICO), the independent body tasked with upholding data subjects’ rights and freedoms, and how to go about it.

As well as wanting to know how long you have to report the data protection breach, you may also be interested in knowing whether or not you have the right to seek data breach compensation. Therefore, as well as stating the data breach reporting process, we look at the eligibility criteria that would need to be satisfied for a personal data breach claim.

Seeking data breach compensation may seem complex as it is, in essence, a new area of law. With the introduction of key data protection legislation only in 2018, many claimants choose to work with a solicitor on their case. In the penultimate section of this guide, we discuss how you could work with an expert data breach solicitor from our panel on a No Win No Fee basis.

Our team of advisors are here to help. Read on to learn more about how long you have to report a personal data breach, or contact a member of our team through the contact details below.

Contact Our Team

Two wooden blocks reading data breach sit atop a pile of notebooks

Select A Section

  1. How Long Do I Have To Report A Data Breach?
  2. How Do I Report A Data Breach And Make A Complaint?
  3. What Are Personal Data Breaches?
  4. How Do I Show My Data Was Breached?
  5. Could I Claim With A No Win No Fee Data Breach Solicitor?
  6. Where Can I Find Out More About How Long Do I Have To Report A Data Breach?

How Long Do I Have To Report A Data Breach?

If your personal data has been affected by a breach, you might be wondering, ”How long do I have to report a data breach to the ICO?”. Generally, the ICO like you to take some steps before you contact them regarding a breach of your personal data. Firstly it is recommended that you try to resolve any matters initially with the organisation where the data breach took place. If you are not happy with the responses given by the organisation, then you have 3 months in which to connect with the ICO after the last meaningful communication with said party.

As we move through this guide, we will also discuss how to report a data breach and how long organisations have to report a breach.

How Long Do Organisations Have To Report A Personal Data Breach?

If an organisation processing your personal data is involved in a data breach and this breach affects your rights and freedoms, that organisation must inform you without undue delay, advising what data has been breached, how this happened, and what it is doing to rectify the situation.

A data breach that puts your rights at risk must be reported to the ICO within 72 hours of discovery. The ICO will then decide whether to investigate and, if so, what action to take against the organisation.

If you’d like to learn more about how to report a data breach to the relevant supervisory authority, read on. Or, contact our team of advisors today to learn more about data breach reporting and claiming.

A digital illustration of a padlock on a technological background

How Do I Report A Data Breach And Make A Complaint?

As we discussed above, before making a complaint to the ICO, there are steps you can take to rectify the situation. Here we look at the steps you can take before reporting the data breach to the ICO.

  1. Talk to the organisation: First, it’s recommended that you talk to the organisation responsible for the breach through their data protection officer. They have to make you aware of the breach without undue delay, and can offer more information on how the security breach occurred, all the details that were included, the potential or actual impact, and how they intend to remedy it.
  2. Escalate the complaint: If you are not satisfied with the response you receive, you can escalate your complaint internally.
  3. Complain to the ICO. You must have last communicated with the organisation no longer than 3 months ago to raise a complaint with the ICO. When you make a complaint to the ICO, they may ask you for evidence of the breach. We’ll provide more details on evidence later in the guide.
  4. Investigation: After evaluating your complaint, the ICO may decide to investigate. An investigation may result in a fine being levied against the organisation responsible, however, the ICO does not pay out compensation for personal data breaches.
  5. Seek legal advice: If you were harmed by a personal data breach, you might be eligible to claim compensation. Seeking legal advice can be beneficial, as it can help you understand whether or not you have a valid personal data breach claim.

Data subjects have a right to report a breach, even if it hasn’t harmed them. Read on to learn more about personal data breaches, or contact our team of advisors today to find out if you could claim for a security incident leading to harm.

The words data breach sit on a bright blue cube surrounded by illustrations of padlocks

What Are Personal Data Breaches?

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) are the key legislation that provides data subjects with rights over how their data is processed.

A personal data breach is defined as a security incident leading to the accidental or unlawful destruction, alteration, loss, unauthorised disclosure of or unauthorised access to personal data. Personal data is any information that could be used to identify you, and can include your email address, postal address, full name, and phone number.

The two parties responsible for your personal data are the data controller (usually an organisation such as your employer) and the data processor. Data controllers decide why they want to use your data and how to store or process it. They can either process the data themselves or source it to a data processor.

The UK GDPR and the DPA provide you, the data subject, with the right to seek compensation for certain personal data breaches. To have an eligible claim you must be able to prove that:

  • The data controller or processor did not adhere to data protection law.
  • Of failure in adherence, a data breach occurs that compromises your personal data.
  • You suffered mentally or financially because of this breach.

A data breach can occur due to human error, such as sending an email containing your personal data to the wrong email address. Breaches can also be deliberate, such as if hackers infiltrate databases that contain data subjects’ personal data.

Contact our team today to learn more about making a claim for compensation for a personal data breach. You can also read on to learn more about proving a breach occurred.

How Do I Show My Data Was Breached?

Being able to prove the breach and how it affected you is important both in terms of reporting the breach to the ICO and making a claim. Some examples of evidence that you could use to prove a personal data breach occurred include:

  • Correspondence with the organisation: If you receive a notice letter or email, this can be used as proof of the breach.
  • Financial documents: Bank statements, invoices, and credit reports can be used as evidence of financial loss. A data breach can result in identity theft, stolen funds, and debt racked up in your name.
  • Medical records: Patient records or a letter from a psychologist can help prove if the breach affected your mental health.
  • Keeping a symptoms diary: Likewise, keeping a diary of the symptoms you experience as a result of this psychological damage can help give a better view of how the data breach affected you.

A solicitor can help you collect evidence to support your personal data breach claim if you decide to instruct one. Read on to learn more, or contact our team today to get started.

A solicitor explains how long is there to report a data breach to a client

Could I Claim With A No Win No Fee Data Breach Solicitor?

Now that you know how long there is to report a data breach, you might be interested in making a claim. Our panel of expert data breach solicitors may be able to help.

When you work with a data protection solicitor from our panel, they will offer you a Conditional Fee Agreement (CFA). This is a kind of No Win No Fee contract that allows you to work with them without having to pay an upfront fee for their work, or any fees for their services if your claim fails.

If your personal data breach claim succeeds, then you’ll pay a success fee. This is deducted straight out of your compensation as a previously agreed-upon percentage, which is also subject to a legal cap.

Contact Us

Our advisors are here to help. Get in touch today for more advice on how long you have to report a data breach or if you’d like to learn more about making a claim after reporting a data breach and start your free consultation. During this, one of our advisors can evaluate your claim for free, and tell you whether you have a valid case. If you do, they may then connect you with a solicitor from our panel.

To get started, you can:

Where Can I Find Out More About How Long Do I Have To Report A Data Breach?

For more helpful data breach resources:

Or, to read more of our guides:

Thank you for reading our guide on, ”How long do I have to report a data breach?”.