Free Guide – Data Breach Complaints
3 min read
May 21, 2025
About this guide
Your rights to privacy are enshrined in UK law. But the illegal trade in personal data is booming.
In recent years, cyber attacks on private companies and state institutions have compromised the personal data of UK citizens.
A data-driven world also creates a financial incentive for companies to harvest their users data and pass it along to third parties.
Data breaches and unlawful data sharing put employees and service users at risk.
This guide lays out the process for making a complaint about a failure of a company’s duty of care for any sensitive details and personal data it holds. It also explains how to get the ICO to investigate if you’re unhappy with a company’s response.
GDPR
Your rights to privacy are enshrined in UK law – with the General Data Protection Regulation (or GDPR) being the most well-known piece of legislation regarding duty of care for personal data.
GDPR was enacted into British law by The Data Protection Act 2018. This piece of legislation means that when organisations want or need to process your personal data they must seek permission first and follow strict regulations on how it is handled, protected and stored.
GDPR means that, when you give your personal information to anyone – whether a company, service provider or your employer – they have a duty of care to protect it. After all, if it ended up in the public domain you could be at risk of all kinds of fraud.
Companies must have in place robust systems for detecting, investigating and reporting any threats or breaches.
What happens if your data is compromised?
If there is a data breach, organisations have 72 hours to report it to the Information Commissioner’s Office (ICO), which will then conduct an investigation.
And if the breach is likely to negatively affect the rights and freedoms of the individuals whose data they hold, the company must inform them that their personal information has been compromised without ‘undue delay’.
Complaining about a data breach
If you think your data has been misused or a company or organisation holding it has not kept it secure, you can raise a complaint with them.
In your complaint, you should include:
- Any communications you’ve received from the company informing you about the breach and what data was affected.
- Further details about the data that was compromised – in other words, what personal details the company holds on you and failed to protect.
- If and how you’ve been adversely affected or harmed by the fall-out of the breach – such as being targeted by fraudsters or having your identity stolen.
Escalating to the Information Commissioner’s Office
If you’re unhappy with the company’s response to your complaint, you have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO can independently investigate your complaint and, if necessary, take action against anyone who’s misused personal data.
To submit your complaint use their contact page: how to make a data protection complaint.
Escalating to the Information Commissioner’s Office
You can also give them a call on: 0303 123 1113.
For textphone it’s 01625 545860 (Monday to Friday, 9am to 4:30pm). If you would rather write to them, the address is:
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire
SK9 5AF
Make a data breach claim
If your data has been compromised you should be compensated. However, we know that the process of raising a complaint to the company can be time-consuming and, if you end up going to court, expensive.
Our recommended provider, Barings Law, can help those who have been caught up in data breaches be awarded damages. Their experts can advocate on your behalf and get you the compensation you’re entitled to with minimum time and effort. Claiming will protect you from legal costs later on – you’ll only pay a fee if you are awarded compensation.
Share this:
Resolver
Need to resolve an issue? Let's get this sorted.
No Comments