Data breaches: what are they and what can you do?
Sponsored feature | Rebecca Quinn, partner, HCR Hewitsons
Over the last year, we have seen a substantial increase in clients contacting us about data breaches. Some of these have been external attacks and some internal human error. Breaches pose significant risks to individuals and organisations; the global average cost of a data breach in 2024 has increased to more than £3 million.
They can be hugely costly to businesses in terms of reputation, trust and operations. A data breach occurs when sensitive, confidential or protected data is accessed, disclosed or used without authorisation.
The legal implications are severe, making it crucial that organisations understand their responsibilities and the steps they can take to mitigate the risks.
Data breaches are not just a cybersecurity issue, nor do they only cause operational problems; they can also be a violation of data protection laws such as UK GDPR (the retained EU version of the General Data Protection Regulation) and the Data Protection Act 2018. A breach of these laws can lead to substantial penalties, lawsuits and reputational damage.
With data protection, prevention is understandably the best defence. Ensuring that you have policies and agreements in place can help mitigate the risks of being subject to a breach.
These include robust data protection agreements with those with whom you share personal data, clear data protection policies within your organisation, and a good awareness of the importance of data protection throughout all aspects of your business. It is important to ensure suitable legal advice is sought when putting a robust agreement in place, along with reviewing your own policies to ensure they adequately protect employees, customers and the business itself.
However, unfortunately, data breaches can still happen. Here are a few key steps to take once you are aware a data breach has occurred.
Act quickly: do not panic but act in a timely manner in accordance with a response plan tailored to your business needs. This may include shutting down certain servers, or cutting access to certain parts of the business.
Consider whether you need legal advice. This may include advising on whether you need to report to the Information Commissioner’s Office (ICO) and whether and how you should report to data subjects regarding the breach.
Set up safeguards to mitigate against reoccurrence.
Recently we have assisted a client who, due to human error, released sensitive data to someone who was not supposed to receive it. We assisted with reporting to the ICO and produced, and tailored, letters to send to each of the data subjects affected.
Overall, data breaches are not just a technical issue – they are a significant legal risk. Implementing strong security measures, training employees and preparing for potential breaches can reduce the likelihood of a breach and minimise its impact. Staying informed is essential in safeguarding both your clients and your business.
For more information, contact Rebecca Quinn, partner, commercial team, on 01223 447430 or 07467 718913.
Visit hcrlaw.com.