When a third party has failed to protect personal data

If you are ever affected by a data breach or cybersecurity incident caused by a third-party organisation whom you entrusted your information to, it is important that you know what your rights are in the fallout of such an incident. It may feel difficult to stand up to a huge company or local authority, but if a third party has failed to protect personal data, they should be held responsible for their reckless attitude to data protection.

At Your Lawyers – The Data Leak Lawyers – we have been fighting for the rights of data breach victims for many years, aiming to bring justice for the damage that victims have suffered from. Organisations must stand up and take their data protection duties seriously. If they fail to do so, they should be punished as they would be under other areas of the law.

Data protection negligence

Despite the fact there has been legislation governing data handling for decades, many companies still fail to understand the protective responsibilities that they owe to their customers and members. In fact, the introduction of the General Data Protection Regulation (GDPR) in 2018 has still not put a stop to avoidable data breaches.

For example, in recent years, we have seen numerous council information incidents and NHS data breaches caused by avoidable things like so-called “human error” incidents, where employees may have failed to protect personal data. In a recent example, the Bristol City Council data breach was caused by an email error that exposed the information of hundreds of children. In another example, the infamous 56 Dean Street Clinic leak of 2015 involved the exposure of incredibly personal and sensitive medical statuses.

In a large-scale example, the British Airways data breach exposed the personal data of approximately 400,000 customers due to system insecurities.

The GDPR – your rights

The needless reoccurrence of data protection errors shows a systemic disregard for the importance of information security, so we believe it is important to uphold the rights that we are all entitled to under the GDPR. In data breach claims, upholding the GDPR is not only about recovering compensation for claimants, it also forms part of the punishment against organisations who have failed to protect personal information.

In accordance with the GDPR, you could be entitled to claim for any negative impact that you may have suffered as a result of a data breach. This can include both “material” and “non-material” damage, meaning you could be eligible to claim for consequent financial losses and expenses, and also for the distress or psychological suffering you may have endured.

It is also important to think about claiming as soon as you possibly can following a data breach. This is to make sure that you avoid missing out on any court deadlines, especially in group action claims.

Claiming for compensation when a third party has failed to protect personal data

If you wish to launch a data breach compensation claim, you could place your claim in no better hands than that of Your Lawyers – The Data Leak Lawyers. We have spent many years developing our expertise in this specialist, emerging area of law. As such, we are well placed to take your claim forward and make sure that your data breach compensation pay-out is the best that it can be.

To receive free, no-obligation advice on your potential data breach claim, contact us today.

Too many organisations have failed to protect personal data in recent years, but we believe every claim is a step towards changing negligent attitudes towards data protection.

ICO take enforcement action against Experian

East Devon Council password data leak