In this guide, we’ll explain what a data breach is, your rights in the event of one, what actions you can take, and how to protect yourself and your personal data moving forward.

What Types of Data Can Organizations Hold About Me?

Thanks to modern technology, organizations can store vast amounts of personal data. Here are a few examples of what they may collect (and this list is far from exhaustive!):

  • Name
  • Address
  • Date of birth
  • Email address
  • Telephone numbers
  • Credit card details
  • Bank details
  • Password(s)
  • Location(s)
  • Purchase history
  • Emails

Wondering if an organization has your data? You can find out through our consumer guide on how to check if a company holds your personal information.

Additionally, we offer a free app that helps you discover whether an organization stores your personal data—learn more.

What Is a Personal Data Breach?

A personal data breach occurs when your personal information, protected under the General Data Protection Regulation (GDPR), is accidentally or intentionally destroyed, lost, altered, disclosed, or accessed due to a security incident.

The most common types of breaches happen when hackers gain unauthorized access to data, or when devices containing personal data are lost or stolen.

A breach can also occur if a company mistakenly shares your data without your consent, or alters it without permission.

If you discover that an organization has compromised your personal data, it’s important to take action to protect yourself.

What Must a Company Do After a Data Breach?

When an organization experiences a data breach, they must follow specific data protection procedures outlined by the GDPR. If the breach poses a significant risk to individuals, the organization is required to notify you without delay.

They should inform you of the following details, usually via email:

  • The contact details of their Data Protection Officer (DPO) or another relevant contact for more information.
  • A description of the breach and the data involved.
  • Measures taken, or proposed, to address the breach and mitigate any adverse effects.

Next Steps You Can Take to Protect Yourself

1. Change Your Usernames and Passwords

If your data was compromised and you use similar login details (such as usernames and passwords) across multiple accounts, you should change these immediately. Be sure to update any password managers you use, like 1Password or Dashlane.

2. Monitor Your Bank Accounts and Credit Reports

Over the next few months, keep a close eye on your bank accounts and online accounts for any unusual activity. If you spot anything suspicious, contact your bank right away and report it as fraud.

If you’re unhappy with how your bank handles the issue, you can escalate your complaint to the Financial Ombudsman Service (FOS).

Also, check your credit report to ensure no credit has been taken out in your name. If you notice fraudulent activity, report it to Action Fraud, the UK’s national fraud and internet crime reporting center, at 0300 123 2040 or visit the Action Fraud website.

3. Be Aware of Scams

If you receive calls or messages asking for personal information, including passwords or banking details, be cautious. Verify the caller’s identity by asking for information only the company they claim to represent would know (e.g., contract details or service information).

If you still have doubts about their identity, hang up and call the company back using the number listed on their official website.

Scammers may have access to more of your personal data than you expect, so it’s better to be safe than sorry.

How to File a Complaint and Seek Compensation

Under GDPR, organizations are required to protect your personal data and prevent unauthorized or unlawful processing, as well as safeguard it from accidental loss or destruction.

If your data was compromised and it has caused you financial harm or distress, you may be eligible to claim compensation from the organization responsible for the breach.

In conclusion, if your personal data has been involved in a breach, it’s crucial to take immediate steps to secure your information, stay alert for signs of fraud, and understand your rights in order to protect yourself from further harm.