Data-Breach.com has dealt with over 14,000 data breach enquiries


What is Considered a Breach of GDPR?


Eleanor Watts

Eleanor Watts is a skilled solicitor who specialises in handling data breach cases and leads the dedicated team at the Data Breach department. Her journey began at the University of Nottingham, where she earned her law degree, and she later pursued her master's in law at the University of Law. Becoming a qualified solicitor in 2021 after completing her training, Eleanor's focus turned to data protection and privacy claims, a field she's excelled in since the implementation of GDPR in 2018.

Here in the UK, we have legislation designed to protect personal data. In this post, we take a look at data law and explain what a data breach is as well as some of the terminology used within this legislation. We’ll also take a look at the eligibility requirements that need to be met in order to start a claim for a data breach and the ways in which a solicitor could help you when seeking compensation.


What Is The UK GDPR?

The UK General Data Protection Regulation (UK GDPR) is one piece of data protection legislation in the UK. It sits alongside the Data Protection Act 2018 (DPA 2018) to outline the responsibilities of data controllers (those who decide why and how they will process your personal data) and data processors (those who act on behalf of the controller). Data controllers and data processors must adhere to both pieces of data protection legislation.

The UK GDPR defines personal data as data that can be used to identify a person, who is known as the data subject. This includes, for example, your name, date of birth or email address. In addition, the UK GDPR outlines what a data breach is and sets the criteria for claiming compensation.

What Is Considered A Breach Of GDPR?

A personal data breach is a security incident impacting the availability, confidentiality, or integrity of your personal data. A breach of the UK GDPR could lead to accidental or unlawful destruction, unauthorised disclosure, or your personal data being compromised. This could occur accidentally through human error, or unlawfully, such as when unauthorised people gain access to personal data that is being transmitted.

What is the penalty for a UK GDPR violation?

Under this legislation, organisations need to inform the supervisory authority, the Information Commissioner’s Office (ICO), of a reportable data breach, which is considered to be one that puts the rights and freedoms of data subjects at risk.

The ICO is an independent body that upholds data protection rights within the UK. As part of its role, it can investigate data breaches as well as issue fines to organisations for failing to adhere to the legislation and compromising personal data records.

How long does a company have to report a breach of UK GDPR?

If a data breach occurs, then the organisation must inform the ICO within 72 hours of becoming aware of it. The organisation is also responsible for sending a personal data breach notification to data subjects (i.e. those whose data has been breached) without undue delay, especially if the breach presents a high risk. A breach of personal data records containing confidential medical details could be one such example.

Can You Claim Compensation For A UK GDPR Breach?

The UK GDPR grants data subjects whose personal data was breached the right to compensation. However, in order to claim, you must meet the criteria laid out in Article 82.

This is as follows:

  • The data controller or data processor did not uphold their responsibilities in adhering to the UK GDPR and DPA 2018.
  • Due to their wrongful conduct, a breach in which your personal data was compromised occurred.
  • Additionally, you must have evidence that shows you experienced harm. This could be damage to your mental health or undue stress, which could be proven with copies of your medical records. Alternatively, you may have suffered financial losses, which could be evidenced with copies of your credit reports or bank statements. 

How Long Do I Have To Make A Data Breach Claim?

Generally, you have 6 years to begin a data breach claim. However, this is reduced to 1 year to bring a claim for breach using Human Rights legislation against a public body. 

Can I Claim On A No Win No Fee Basis?

If you are eligible to claim compensation for a personal data breach, you could seek the support of a solicitor. One of our experienced data breach solicitors could help. 

Usually, our solicitors use a No Win No Fee agreement known as a Conditional Fee Agreement (CFA) to provide their legal services. This means that generally, your solicitor won’t ask for ongoing or upfront payments towards their work on personal data breaches.

Your solicitor will instead deduct a ‘success fee’ from your awarded compensation if your claim has a positive outcome for you. The success fee is taken as a percentage that is limited by the law. If your claim isn’t successful, you won’t be asked to pay this fee, so there is no risk involved in making a data breach claim.
