What is a GDPR breach?
In our digital era, personal data is immensely valuable. Unfortunately, our data can sometimes fall into the wrong hands. Every day, we willingly share our information with many different organisations, and if these entities happen to lack robust methods of data protection, our personal data is left vulnerable to breaches, which can cause a number of issues, both financial and personal.
This article will cover key topics such as the definition of a data breach, what an organisation’s responsibilities are in the aftermath of a breach, and what you can do if your data has been compromised.
If your personal data has been exposed, due to the mistakes or negligence of a company, you may have the opportunity to pursue a data compensation claim. To discuss a GDPR data breach today, please get in touch with our expert data breach claims solicitors at Hayes Connor.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a data protection law that covers both the EU and the UK. The EU GDPR and the UK GDPR follow the same key principles; however, the UK version was amended slightly to ensure that the rules remained suitable for the UK after Brexit.
UK GDPR covers areas such as:
- What is defined as personal data, i.e. the information that can identify a person.
- The difference between data processors and data controllers, and the responsibilities of both in terms of GDPR data handling.
- The processes that must be followed when processing personal data, such as obtaining consent and meeting legal obligations.
- The rights that individuals have with regard to their personal data, including rights to erase, access or adjust data stored.
- The requirement for organisations to notify the individuals concerned where a data breach has occurred.
- Information regarding the appointment of Data Protection Officers, and the responsibilities surrounding data compliance.
What is a breach of data protection?
There is often confusion about what a GDPR data breach is, including what these breaches involve, the type of information, and the potential negative repercussions.
A breach of data protection refers to an incident whereby personal data stored by an organisation has been disclosed, altered, destroyed, lost, or accessed without authorisation.
Data that can be used to identify an individual is considered to be personal data. This includes financial information, email addresses, and phone numbers. It may also include location data, identification numbers, and data associated with an online identity.
Any time that there is a security-based incident that exposes or compromises data that an organisation had the responsibility to protect, the incident is deemed a GDPR data breach. The incident is viewed as a breach of integrity and confidentiality.
How do GDPR data breaches happen?
A data breach can occur in many different ways, such as:
- Where an individual gains access to personal data that they do not have the authority to access, whether accidentally or intentionally.
- Where personal data is mistakenly destroyed or lost.
- Incidents where personal data is compromised as a result of a cyberattack.
- Incidents whereby personal data is accessed as a result of hacking.
- Where an individual is tricked into offering their personal information, for example financial details, as a result of a phishing scam.
- Where a data breach is caused by a mistake, for instance, where an employee accidentally emails personal data to the wrong recipient.
Where a breach of GDPR has occurred for any of these reasons, the organisation involved must follow the appropriate protocol. If you believe that the company concerned has acted negligently, we can provide the support you need.
What is the maximum fine for a GDPR breach?
Fines for failure to properly comply with the UK GDPR are separated into two tiers, as follows:
- A maximum penalty fine of 4 per cent of the organisation’s annual turnover, or £17.5 million, whichever sum is greater, where the rights of an individual or the data protection principles have been infringed.
- A maximum penalty fine of 2 per cent of the organisation’s annual turnover, or £8.7 million, whichever sum is greater, where other provisions have been infringed, for instance, administrative rules regarding GDPR legislation.
How long does a company have to report a data breach?
Where a personal data breach occurs, the organisation is required to report this to the Information Commissioner’s Office (ICO) as soon as possible, and no later than 72 hours after first becoming aware that a breach has occurred. Where companies report a breach outside this time frame, they will be required to explain the delay.
When reporting a personal GDPR data breach to the ICO, it is necessary to include the following information:
- A description of the breach, including the data breach categories and an approximation of how many people have been affected.
- The contact details of the data protection officer or, where the organisation does not have an officer, another suitable person who can provide key information.
- An explanation of what may be the likely consequences of the data breach.
- A description of how the personal data breach will be dealt with, including steps to reduce any negative outcomes.
How can a GDPR data breach negatively affect an individual?
Where a personal data breach occurs, unless the breach is dealt with appropriately and quickly, the incident can have many negative outcomes for an individual. Such negative results may include restriction of rights, discrimination, financial damages, or fraud.
Where an organisation is obligated to safeguard an individual’s data, and a breach has occurred, both the organisation and the individual are urged to seek legal support.
What are my rights if my personal data is exposed?
Under GDPR data protection law, if your personal data is exposed, you may be able to pursue a data breach protection case in Court.
Pursuing a data breach case means that you can enforce your rights and claim compensation for loss of privacy, financial damages and/or emotional distress.
If you would like to learn more about data breach compensation, please contact our team at Hayes Connor to discuss your potential claim. We appreciate that breaches in data protection can cause much anxiety, and we always ensure that we provide sensitive and proactive assistance.
What should I do if I’ve experienced a personal data breach?
If your personal data has been exposed in a data security incident, it is advisable to change your passwords immediately. In addition to this, you should set up a security notification for your credit reports.
Where a company has failed to adhere to GDPR rules, or has lost your personal data, you may be eligible to raise a data breach claim against them.
To find out more about what a GDPR data breach is, and how you might be eligible to pursue a claim, please contact our experts at Hayes Connor.
How can Hayes Connor help?
If your data has been leaked or compromised, our solicitors may be able to support you in making a data breach compensation claim. We can act for many clients on a no win, no fee basis, removing the financial risk of pursuing the claim.
To find out whether you may be able to claim for a GDPR data breach, fill out our secure online claim form to share the details of your situation, and we will get back to you shortly to let you know whether we can help.
Our solicitors can support clients to claim for data leaks, data protection breaches, and GDPR compensation. To find out more, contact Hayes Connor today.