Companies that breached data
Full list of companies that were found guilty of a data breach and from which you could be owed thousands in compensation
- Virgin Media
- British Airways
- Easyjet
- Ticketmaster
- Equifax
- Marriott Hotels
The General Data Protection Regulation (GDPR) came into effect in 2018 and unifies the rules for processing personal data by private and public companies. The regulation aims to ensure the protection of personal data across all industries. The principles for the processing of personal data under the GDPR are:
There has been a lot of confusion surrounding what can be classed as a breach of GDPR and what can’t be. In the GDPR a personal data breach is defined as ‘a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.’ To explore this further personal data breaches can be organised into three categories:
A data breach could possibly involve all three categories depending on the nature of the circumstances.
In the past, a company dealing with business transactions could have assumed that personal data strictly refers to account or ID numbers, as well as addresses and dates of birth. Whilst this type of data should still be kept secure, the GDPR has expanded the definition of personal data.
Now, personal data is related to “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This means that social, mental, economic, cultural, and even genetic information will now be considered personal data that is to be protected by GDPR requirements.
The national supervisory authorities are required by the GDPR to impose certain warnings or fines on data protection offences. Any person who believes that their personal data is being processed unlawfully has the right to lodge a complaint with the ICO (Information Commissioner’s Office). The ICO can then conduct an investigation into the security measures at that organisation and the degree to which it was at fault, and impose a fine based on its findings.
Whether the cause is a cyber-attack, software errors, hardware failure or human error, all companies are obliged under the GDPR to report any violation of the protection of personal data to a data protection supervisory authority. Article 33 of the GDPR states that notification of a breach of personal data protection by the responsible party must be made to the competent supervisory authority (ICO) straight away, and if possible within 72 hours of becoming known. If the notification is delayed, a reasonable justification for the delay must be provided.
There is also a duty of documentation, so the person responsible must ensure all factors that led to the GDPR breach are clearly presented and documented. The better the company is prepared for a potential GDPR infringement, the better the chances of only receiving a small fine or even just a warning.
A GDPR violation can happen to any company. The best way to minimise the risk of a breach in an organisation and the resulting consequences is to take preventative measures. As well as having a strong crisis communication strategy, it is advisable to appoint a data protection officer (in some cases this is mandatory). To be sure of the strength of data security in a business, and to actively counteract a GDPR violation, all applications and software products used by the company should be checked to ensure they comply with GDPR regulations.
1) Companies need to provide a clear explanation for collecting personal data
Many companies collect a user’s data without their knowledge. Even if the user doesn’t mind, there needs to be a clear explanation of how that data will be used. In accordance with GDPR principles, a person must give explicit consent for how their data is being used.
2) Victims must be alerted to any risk
If a breach does occur, the company must contact the affected individuals straight away. According to GDPR principles, it is not appropriate or sufficient to release news of a breach through a press release, on a website, or through the use of social media.
3) GDPR compliance can differ from one company to the next
Compliance has a lot to do with a company’s size, the personal data that is collected via internal communications methods like a team app, as well as the goods and services that are offered.
If you think you have experienced a GDPR data breach, contact us today and we can put you in contact with data breach solicitors. They can investigate your data breach claim and see if you have a case that is worth pursuing. If you do have a strong case, you could be entitled to compensation not just for the risk of having financial information exposed but for any emotional distress or anxiety you had about having your personal data compromised.