How Can A UK GDPR Breach Happen And When Could You Claim?

A GDPR breach in the UK

What Is A UK GDPR breach guide

In the UK, there is legislation in place that aims to keep certain types of data safe from unlawful use or access. Yet despite this, data breaches do happen. On the page below, we aim to provide some background on how a UK GDPR breach can occur, and why. Additionally, we will also briefly cover making a compensation claim if your own data has been exposed.

If you do intend to make a data breach claim, you must understand that each claim is unique. This guide will only cover basic information about making a claim. Due to this, we might not answer all of your questions. But we can offer you a route to getting those answers. Just reach out to our claim advisors on 0800 408 7825. They can answer all of your questions for you. Alternatively, request a callback using our contact form.

Select A Section:

What Is A UK GDPR Breach?

There are regulations in the UK that are intended to provide a framework for safeguarding some types of data from unlawful use or access. However, there are two primary bodies of legislation that apply. These are the Data Protection Act 2018 (DPA) and the UK take on the General Data Protection Regulation (UK GDPR).

Compliance with these regulations is policed by a governing body known as the Information Commissioner’s Office (ICO). The ICO has a fairly wide remit, which includes taking punitive actions against organisations that fail in their legal obligation to comply with these regulations.

When an organisation fails to comply with data privacy and security laws, this could put your data at risk. If your data is exposed, this could lead to you suffering mental hardship, or monetary loss. If you can prove that the organisation failed to keep your data safe, in line with regulatory requirements, you might be able to claim for a UK GDPR breach.

What Data Is Covered By UK Legislation?

Not all data is protected by law in the UK. Only certain types. Data that is categorised as either personal data or special data. Below, we give a brief explanation of each of these.

  • Special category data – this encompasses the type of information that reveals something about you, and that could potentially be exploited in some way. Examples might include your genome data, medical records, sexual persuasion, race or religious beliefs.
  • Personal data – in general, this is all uniquely identifying data, or uniquely owned data. Some examples would be your phone number, email address, postal address, date of birth, name, and financial information such as your bank account, credit card or debit card details.

How Do UK GDPR Breaches Happen?

A UK GDPR breach can happen due to a number of reasons. A simple mistake, due to human error is one way. Inadequate staff training can mean that individual employees are unaware of their data privacy responsibilities. Ineffective cybersecurity protocols can also lead to data breaches. Further, some data breaches are the direct result of cyberattacks.

UK GDPR Breach Examples

There have been a number of high-value data security incidents in the UK since GDPR was put in place. Here are a few examples.

  • Google – back in 2019, the company was hit with a £43.2 million fine by the French data security regulator. Due to not seeking full consent from its users, and not making data use policies accessible.
  • British Airways – the airline received a £20 million fine from the ICO due to their negligence allowing a hack that exposed data related to over 400,000 customers.
  • Marriott International Hotels – this hospitality firm was handed a £18.4 million fine by the ICO. Due to a hack, caused by a successful cyberattack, that exposed the credit card information of over 300 million of its customers.


When Should UK GDPR Breaches Be Reported?

The organisation that suffered the data breach, should report it to the ICO within 72 hours if it affects the rights and freedoms of those whose data they process. They may also need to send you a data breach notification to tell you the breach has happened.

How to report UK GDPR breach personally? This is done by making a complaint to the ICO. This should be done within three months of your last meaningful communication about the breach with the organisation.

Data Breach Compensation Calculator

If your personal data breach claim is successful as part of the settlement you might receive non-material damages. These type damages cover mental health issues that have resulted from the data breach.

The table below gives examples of mental illness that might be applicable for data breach claims. We based this on the guidelines provided by the Judicial College. These are used for valuing injuries. You could also try using our compensation calculator.

Psychological Issue Severity Notes Compensation
PTSD Severe The person suffers from post-traumatic stress disorder. The person cannot hold down a job or at least cannot function at the same level as before the trauma. There may be lifelong effects for the person. £56,180 to £94,470
PTSD Moderately Severe Post-traumatic stress disorder is present in this case. In this category, the person is more likely to make a better recovery since professional assistance could be helpful. It is still possible that the effects could result in measurable disability, which may last for quite some time. £21,730 to £56,180
PTSD Moderate The person is suffering from post-traumatic stress disorder. In these situations, the individual is likely to be fairly well recovered, and any further mental health problems are unlikely to significantly impede their progress. £7,680 to £21,730
Psychological damage Less Severe A disability award is partially determined by how severe the impairment is and how long it has lasted. Furthermore, there is a category for minor injuries. £1,440 to £5,500
PTSD Less Severe A post-traumatic stress disorder was diagnosed in this case. An individual can usually expect a full recovery within a year or two of diagnosis, and minor symptoms shouldn’t last longer than two years. £3,710 to £7,680
Psychological damage Moderately Severe Depression and anxiety are among the mental disorders. Even though awards support both ends of the bracket, the majority of them fall somewhere in the middle.  £17,900 to £51,460
Psychological damage Severe The quality of life of those who suffer from mental health issues, such as depression and anxiety, is going to be affected negatively. £51,460 to £108,620
Psychological damage Moderate Despite depression and anxiety concerns, there will have been a significant improvement at first, and the prognosis will be positive.  £5,500 to £17,900

What Are Material Damages?

The previous section talked about non-material damages paid for mental harm. Now we need to cover material damages. These are paid to make up for financial losses. Either those already faced, or losses that are predicted. For example, if a cybercriminal used your credit card to make purchases online, you could be liable for this debt. You could potentially mitigate it by claiming for material damages.

You don’t have to have suffered financially to claim for non-material damages. The case Vidal-Hall and others v Google Inc was heard in the Court of Appeal in 2015. The claimants won the claim, and received non-material damages, even though no financial losses occurred. This set a precedent that could enable you to do the same.

Start Your Claim For A UK GDPR Breach

We may be able to arrange for a No Win No Fee solicitor to process your data breach claim for you. You would not pay a new claims fee, and the lawyer won’t expect to receive a fee if the claim fails. If the claim is won, a pre-agreed and legally limited success fee may be due, however.

Do you want to find out more about making a compensation claim for a UK GDPR breach? Then use the contact information below to get in touch with our advisors. They can help you further with this.

Telephone: 0800 408 7825

Or use our webchat or contact form.

Further Data Breach Resources

Here are some related guides.

Housing Association Data Breach Claims

Hospital Data Breach Compensation Claims

Data Breach Claims Against A Solicitor 

And here are some useful web links.

Actions The ICO Has Taken

Cyber Security Breaches Survey 2021

The Seven Principles Of UK GDPR