When a company or organisation collects and uses your personal data, it has a legal duty of care to protect it. There are also strict limitations to how your data can be used, and companies must make it clear to you how your data will be used at the point it is collected, and when you give your permission. They have a clear duty to make sure your data is kept accurate, current and that it’s accessible to you – and that it is still only being used for the purposes they stated when it was collected.
Unfortunately, it’s not uncommon for companies to neglect their data protection obligations. At its most benign, it can mean unwelcome and unsolicited contact from those companies…but that the other end of that spectrum, it can lead to identity theft and fraud.
In the modern economy, data – your data – is valuable.
What is GDPR?
In May 2018, stricter rules came into play, companies now have an even stronger duty of care over your data than they did previously. The General Data Protection Regulation (GDPR) has been described as “the biggest ever overhaul of data legislation” – and the penalties for breaching this law are severe.
The new rules place more importance on your right to your own data, and strengthens requirements on businesses which collect, store or use your personal data to make sure it’s accurate, current, accessible to you, and is still being used for the purpose that was declared to you when it was collected. Otherwise, the company has to delete any data no longer needed for that purpose.
At Gibson & Associates, we understand its importance, and we understand how stressful a data protection breach can be. If you believe your data protection rights have been ignored – our team of experienced data protection solicitors can help you. While compensation can’t undo all the damage caused by a data breach, it can help towards the costs of any financial damages you’ve suffered as well as the distress you’ve experienced.
Whether your employer, your healthcare provider or anyone you share details with misuses your data, you’ll be able to seek compensation*.
How do I know if my personal information has been involved in a Data Breach?
A company or organisation that has been exposed to a GDPR breach must notify those individuals affected. The beach could be communicated to individuals by email, by letter, or by a security notice posted on the company’s website. Other methods of communication that a breach has occurred is through the media.
How to check if your email has been involved in a Data Breach
You can use a reputable site such as Have I Been Pwned to check if your email has been breached and if your data is vulnerable.