Compensation claims under the GDPR - an overview of the brewing storm - DAC Beachcroft

Compensation claims under the GDPR - an overview of the brewing storm's Tags

Tags related to this article

Compensation claims under the GDPR - an overview of the brewing storm

Published 30 May 2018

Breach response under the GDPR

As readers of this newsletter will probably be aware, the much discussed General Data Protection Regulation (GDPR) came into effect on 25 May 2018. In our last Solicitors' Risks in Brief we turned the spotlight on the brewing storm of compensation claims under the GDPR, and warned that solicitors may find themselves in the firing line as such claims become more common. In this issue we wanted to include a brief note on a related area which is keeping the data and cyber risk specialists at DAC Beachcroft increasingly busy – data breach response.

Under the Data Protection Act 1998 there is no general obligation that would require solicitors notify data breaches. This will change under the GDPR, which imposes a general obligation to self-report data breaches to the ICO within 72 hours, and to affected data subjects "without undue delay". The Article 29 Working Party has recently updated its guidance on data breach notification here, and the ICO has provided further information on what it expects to see here. The data and cyber risks team at DAC Beachcroft have extensive experience in dealing with data breach scenarios, both large and small, and can assist in marshalling a response that will restrict resulting exposures, whether that be to third party compensation claims, regulatory fines, or other associated losses and exposures.

However, given the incredibly restrictive 72 hour timeframe imposed under the GDPR, there is no substitute for solicitors adopting and maintaining their own internal breach response plan. It is important that such plans are living documents that are understood by staff. All staff should be able to identify a data breach, and those with key roles in the plan should understand their responsibilities. Ideally, this will involve walking through the plan on a sufficiently regular basis, and considering how it will respond to various breach scenarios. At DAC Beachcroft we have experience not only responding to data and cyber incidents, but helping organisations prepare. If you would like to discuss your breach response preparations and the role our data and cyber experts can play, please do not hesitate to get in contact.


Patrick Hill

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930

< Back to articles