MacRoberts is now Morton Fraser MacRoberts. As we embark on this exciting journey, rest assured that we will continue to provide the same exceptional service to our loyal clients. Find out more

Law Services for Businesses Data Breaches

Assisting you in understanding whether your business has suffered a data breach and, where appropriate, advising on the next steps.

A dedicated Data Breach Response Team

We can assist you in understanding whether you have had a personal data breach, or if it is instead a non-compliance issue.

Our data breach response lawyers assist clients with various types and severity of data breaches, some of which have occurred on a cross-jurisdictional basis and some of which have been caused by the organisation’s service providers.

Our dedicated Data Breach Response Team can be contacted on 0300 303 1019.

Has your business suffered a data breach?

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. For the data protection rules to apply, the breach must relate to personal data as opposed to purely commercial data, which does not relate to individuals.

The data breach must be caused by a breach of security and does not include all “non-compliant processing”, e.g. a company might be breaching the data protection rules by processing data without a privacy notice, but this does not mean it has had a ‘personal data breach’. This links to the requirement that your organisation has appropriate technical and organisational measures in place to protect personal data.

The breach can be caused by an accident (such as sending an e-mail to the wrong recipient) or a deliberate act which is unlawful, e.g. allowing another organisation to access your CRM system without informing the relevant individuals.

Types of personal data breach

There are three main types of security breach:

  • Confidentiality breaches (disclosure of, or access to, personal data), including providing personal information to someone that should not have access to it;
  • Integrity breaches (alteration of personal data), including data becoming corrupt and irrecoverable; and
  • Availability breaches (loss of access to, or destruction of, personal data), such as when paper records are lost due to flooding and there are no back-up copies.

Do you suspect a personal data breach?

If you suspect a personal data breach (whether caused by you or someone else), you should tell the relevant persons within your organisation immediately.

Those responsible for managing the response to the breach should contain, minimise and mitigate the breach, including making a recovery plan where relevant, and preserve all evidence relating to the potential breach.

person typing on latop

Communicating a personal data breach

Those responsible for managing the response to the breach should also assess if the ICO, data subjects or any other parties require to be notified, and consider the message being issued to your stakeholders.

Recording the details of the breach is a legal requirement, and you should evaluate and share your learning within your organisation to ensure it does not happen again.

Notifying the ICO

We can assist you in evaluating whether the breach is notifiable to the ICO and preparing the appropriate notification.

We can also help you to understand whether the breach needs to be notified to affected data subjects, and to draft clear communications informing them of the breach, including creating FAQ documents for customers and other affected data subjects to help manage the questions they may have following a breach.

Policies & procedures

If you have a notifiable personal data breach, you have 72 hours from becoming aware of the breach to inform the ICO.

A procedure outlining the process for dealing with a breach will enable your staff to act quickly, and we can assist with preparing and implementing personal data breach policies and procedures within your organisation.

Good governance

The best step in preventing a breach is to have appropriate security measures in place from the outset, including having in place good data governance by way of policies, procedures and training.

We can help your organisation to identify what policies it needs, prepare and implement those policies, and provide tailored training sessions to staff on the meaning of those policies and how these operate in practice.

Related Services

  • Data Protection & Cyber Security

    Our team advises clients on the full range of data protection matters to ensure your business is fully compliant with the law.

    Data Protection & Cyber Security
  • Policies & Documents

    We have a number of template policies and types of documentation to help your business comply with data protection law.

    Policies & Documents
  • Auditing & Mapping

    We can help you understand the flow of personal data within your organisation and implement any remedial actions to improve compliance.

    Auditing & Data Mapping
  • Big Data & Technology

    Our team advises on the deployment of big data technologies in compliance with data protection law.

    Big Data & Technology
  • International Reach

    We can help you ensure your data processing activities are fully compliant with GDPR and the UK Data Protection Act worldwide.

    International Reach of Data Protection Law
  • Cyber Security

    Our team can advise you on full compliance with the requirements to ensure your business is not at risk of cyber crime.

    Cyber Security & Cyber Crime

Our Awards & Accreditations

  • In 2016, we were one of the first law firms in Scotland to become accredited Living Wage employers.

  • Shortlisted for Firm of the Year at the Scottish Legal Awards 2022.

  • Winners of Corporate & Commercial Team of the Year and Family Law Team of the Year at the Scottish Legal Awards 2020.

  • Our Real Estate team won the Property Team of the Year Award at the British Legal Awards in 2018.

  • Winner of SME of the Year at the Scottish SME Awards 2017, hosted by Scottish Business Insider.

  • Highly Commended for Commercial Team of the Year at the British Legal Awards 2016.

  • In 2019, MacRoberts achieved Cyber Essentials Plus certification, a UK Government entry-level information security standard.

  • MacRoberts holds the ISO 9001:2015 certification for Quality Management, the most widely recognised quality management system standard in the world.

  • Iso 14001 2015 Environmental Management

    MacRoberts holds the ISO14001:2015 certification for Environmental Management, demonstrating our ongoing commitment to environmental awareness.

  • MacRoberts holds the ISO27001:2013 certification for Information Security, an internationally recognised security gold standard.

  • Business continuity is a critical element of the Business Management System at MacRoberts and we hold full accreditation with the ISO 22301:2019.

  • MacRoberts is a member of IP Inclusive, a network of intellectual property professionals working to make our community more equal, diverse and inclusive.

  • We are active members of the PRIME Programme – an organisation that focuses on ensuring a career in law is open to talent from all economic and social backgrounds.

  • MacRoberts supports the Scottish Business Pledge, a values-led partnership between Government and business that is based on boosting productivity and competitiveness through fairness, equality and sustainable employment.

  • We are supporters of the Partnership for Change, a network of organisations and individuals who share a common ambition to improve diversity on boards and in senior leadership.

  • We are a member of the Employers Network for Equality & Inclusion (ENEI), a UK-based not-for-profit organisation which helps employers build and maintain diverse teams and inclusive cultures through our membership, training, and consultancy services.

  • MacRoberts was awarded enei's Silver TIDEMark for 2023. TIDE is enei's self-assessment evaluation and benchmarking tool which measures an organisation's overall approach and progress on diversity and inclusion.

  • MacRoberts is a Disability Confident employer, and are committed to disability equality across our firm.

  • MacRoberts fully supports flexible working practices and supports family-friendly working practices.

  • In 2022, MacRoberts received a Bronze Award in Stonewall's Workplace Equality Index for our commitment to LGBTQI+ inclusivity in the workplace.

  • MacRoberts is a longstanding member of Scotland Food & Drink, the leading trade association for Scotland's food and drink industry.

  • MacRoberts is an Associate Member of SELECT, Scotland's largest construction trade association.

MFMac: Morton Fraser MacRoberts
MacRoberts and Morton Fraser have now merged.

You can still contact us as usual, or find out more about Morton Fraser MacRoberts at