Many thanks for your patience. Fist of all, the GDPTR only protects personal information relating to an individual. So if it was just your company details which were shared, then that is not a GDPR issue, but if your personal details were shared as well, then it would be.
If it was just company details, then you can only take it further legally if you have suffered losses as a result of that breach of confidentiality.
If it was your personal data that was shared, then you can consider taking it further. #
The first step is to consider reporting the alleged breach to the Information Commissioner’s Office (ICO). They are the regulatory body that deals with data protection breaches and have certain powers at their disposal to deal with them, such as fines and sanctions. However, they will not award compensation to the victim so the only way to try and do this is by going through court.
What the ICO can do, if a breach is reported to them, is order the company to do the following:
- impose a temporary or indefinite ban on the processing of data
- force them to comply with your request
- provide any required information
- warn and admonish
- order rectification, erasure or destruction of specific data
In addition, they can impose severe financial penalties and fine the company in breach.
If the victim wanted to take formal legal action, they may do so under Article 77 of the GDPR. There is no need to show that financial losses have been suffered and compensation can be sought for mere distress caused by the alleged breach. The level of compensation will depend on the severity of the breach and the effects it has had on the victim.
Does this answer your query?