Law Services for Businesses: Data Breaches

Assisting you in understanding whether your business has suffered a data breach and, where appropriate, advising on the next steps.

Our data breach response lawyers assist clients with various types and severities of data breaches, some of which have occurred on a cross-jurisdictional basis and some of which have been caused by the organisation’s service providers. A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. For the data protection rules to apply, the breach must relate to personal data as opposed to purely commercial data, which does not relate to individuals.


The data breach must be caused by a breach of security and does not include all “non-compliant processing” (e.g. a company might be breaching the data protection rules by processing data without a privacy notice, but this does not mean it has had a ‘personal data breach’). This links to the requirement that your organisation has appropriate technical and organisational measures in place to protect personal data. The breach can be caused by an accident (such as sending an e-mail to the wrong recipient) or a deliberate act which is unlawful (e.g. allowing another organisation to access your CRM system without informing the relevant individuals).

A dedicated Data Breach Response Team

We can assist you in understanding whether you have had a personal data breach, or if it is instead a non-compliance issue.

Our dedicated Data Breach Response Team can be contacted on 0300 303 1019.

Types of personal data breach

There are three main types of security breach:

  • confidentiality breaches (disclosure of, or access to, personal data), including providing personal information to someone that should not have access to it;
  • integrity breaches (alteration of personal data), including data becoming corrupt and irrecoverable; and
  • availability breaches (loss of access to, or destruction of, personal data), such as when paper records are lost due to flooding and there are no back-up copies.

Do you suspect a personal data breach?

If you suspect a personal data breach (whether caused by you or someone else), you should tell the relevant persons within your organisation immediately. Those responsible for managing the response to the breach should contain, minimise and mitigate the breach, including making a recovery plan where relevant, and preserve all evidence relating to the potential breach.

Communicating a personal data breach

Those responsible for managing the response to the breach should also assess whether the ICO, data subjects or any other parties need to be notified, and consider the message being issued to your stakeholders. Recording the details of the breach is a legal requirement, and you should evaluate and share what you have learned within your organisation to ensure it does not happen again.

Notifying the ICO

We can assist you in evaluating whether the breach is notifiable to the ICO and preparing the appropriate notification. We can also help you to understand whether the breach needs to be notified to affected data subjects, and to draft clear communications informing them of the breach, including creating FAQ documents for customers and other affected data subjects to help manage the questions they may have following a breach.

Policies & procedures

If you have a notifiable personal data breach, you have 72 hours from becoming aware of the breach to inform the ICO. A procedure outlining the process for dealing with a breach will enable your staff to act quickly, and we can assist with preparing and implementing personal data breach policies and procedures within your organisation.

Good governance

The best step in preventing a breach is to have appropriate security measures in place from the outset, including having in place good data governance by way of policies, procedures and training. We can help your organisation to identify what policies it needs, prepare and implement those policies, and provide tailored training sessions to staff on the meaning of those policies and how these operate in practice.

Related Services

  • Policies & Documents: we have a number of template policies and types of documentation to help your business comply with data protection law.
  • Auditing & Data Mapping: helping you understand the flow of personal data within your organisation and implement any remedial actions to improve compliance.
  • Big Data & Technology: our team advises on the deployment of big data technologies in compliance with data protection law.
  • International Reach of Data Protection Law: helping you to ensure your data processing activities are fully compliant with GDPR and the UK Data Protection Act worldwide.
  • Cyber Security & Cyber Crime: our team can advise you on full compliance with the requirements to ensure your business is not at risk of cyber crime.

Our Awards & Accreditations

  • In 2016, we became one of the first law firms in Scotland to become Living Wage accredited employers.

  • Winners of Corporate & Commercial Team of the Year and Family Law Team of the Year at the Scottish Legal Awards 2020.

  • Our Real Estate team won the Property Team of the Year Award at the British Legal Awards in 2018.

  • Winner of SME of the Year at the Scottish SME Awards 2017, hosted by Scottish Business Insider.

  • Highly Commended for Commercial Team of the Year at the British Legal Awards 2016.

  • We are a proud member of the Legal Sustainability Alliance, a network of law firms committed to working collaboratively to reduce our environmental impact.

  • In 2019, MacRoberts achieved Cyber Essentials Plus certification, a UK Government entry-level information security standard.

  • MacRoberts holds the ISO 9001:2015 certification for Quality Management, the most widely recognised quality management system standard in the world.

  • MacRoberts holds the ISO 14001:2015 certification for Environmental Management, demonstrating our ongoing commitment to environmental awareness.

  • MacRoberts holds the ISO 27001:2013 certification for Information Security, an internationally recognised security gold standard.

  • Business continuity is a critical element of the Business Management System at MacRoberts, and we hold full accreditation to ISO 22301:2012.

  • MacRoberts is a member of IP Inclusive, a network of intellectual property professionals working to make our community more equal, diverse and inclusive.

  • We are active members of the PRIME Programme – an organisation that focuses on ensuring a career in law is open to talent from all economic and social backgrounds.

  • MacRoberts supports the Scottish Business Pledge, a values-led partnership between Government and business that is based on boosting productivity and competitiveness through fairness, equality and sustainable employment.

  • We are supporters of the Partnership for Change, a network of organisations and individuals who share a common ambition to improve diversity on boards and in senior leadership.

  • MacRoberts is a Disability Confident employer and is committed to disability equality across our firm.

  • MacRoberts fully supports flexible working practices and supports family-friendly working practices.

  • MacRoberts became a member of the Stonewall Diversity Champions Programme in 2018.

  • MacRoberts is a member of The Glass Network, Scotland's organisation for LGBT+ allied legal professionals.

  • MacRoberts is a longstanding member of Scotland Food & Drink, the leading trade association for Scotland's food and drink industry.