In this increasingly digitised world, many of our most common interactions take place online. From doing the weekly shop to making a GP appointment, many of us will turn to an app if we have the option.
However convenient this may be, it isn’t without its downsides. Our reliance on online services means we are sharing personal data with a growing number of organisations – in fact, a recent study showed the average person has 240 online accounts. If each of these accounts contains some of our personal data – our name and address, for instance – that’s a lot of opportunities for our data to end up in the wrong hands.
Luckily, there are regulations designed to help protect our personal information from being exposed. In this post, we’ll look at one of them in particular – the General Data Protection Regulation (GDPR). We’ll explain how it works and what you can do if your data has been handled inappropriately.
So, if you’ve found yourself asking “what is a breach of GDPR?”, read on to find out everything you need to know.
What is the GDPR?
The GDPR is a Europe-wide data protection regulation, first introduced across the EU in 2018. The UK adopted its own variant – the UK GDPR – when it left the EU in January 2020.
The aim of the GDPR is to ensure that your personal data is properly stored and safeguarded. It places a number of obligations on organisations that process personal data. For instance, they must protect it against unauthorised access and ensure that it’s accurate and up-to-date.
It’s also important to be aware that the GDPR doesn’t just apply to companies based in the UK or EU. Any organisation that processes data of EU or UK citizens must abide by its rules, wherever it might be based.
What counts as a breach of GDPR?
A GDPR breach can take many forms, but generally speaking it involves an organisation failing to meet the obligations set out in the legislation. This can include:
- Unauthorised disclosure. If your data is shared with a third party who isn’t authorised to access it, this could be a breach of GDPR. This applies even if the disclosure was accidental. A common example is when an email intended for you is sent to someone else – particularly if this email contains sensitive personal data.
- Data theft. The most notorious kind of data breach comes from cyberattacks, in which criminals gain access to an organisation’s IT system and steal personal data. This is often used to extort a ransom from the organisation or to target individuals with phishing attacks.
- Storing data longer than necessary. The GDPR mandates that organisations should only store data as long as is required for the intended purpose. If they continue to keep your data when they no longer need it, this could be a breach of GDPR.
- Inadequate security measures. Organisations that store personal data have a responsibility to protect it against all kinds of unauthorised access. If they don’t have appropriate data protection processes in place, they may have breached the GDPR.
These are just some of the most common ways in which a breach of GDPR can occur. If you’re concerned about how an organisation has handled your data, you can always consult an experienced data breach solicitor to find out if you have been the victim of a data breach – and if you may be able to seek compensation.
What are the penalties for a breach of GDPR?
The penalties for a breach of GDPR will depend on how severe the breach is. Key factors include how much data was exposed and how sensitive the data is. In the UK, the GDPR is enforced by the Information Commissioner’s Office (ICO), who have the power to issue warnings and reprimands as well as fines.
Particularly serious breaches of the GDPR can lead to significant fines for those responsible. The ICO can issue a maximum fine of £17.5 million or 4% of a company’s annual worldwide turnover, whichever is higher.
How do I know if my data has been breached?
If your data is exposed by a data breach, the company responsible is required to notify you as soon as possible if it is likely to put your rights at risk.
For example, if your personal data has been exposed in a cyberattack, this could lead to significant consequences for you, including identity fraud. In a case like this, it is likely the organisation will notify you directly.
What should I do if my data has been breached?
If you have been a victim of a data breach, there are a few simple steps you can take to help stay safe and avoid further consequences. These include:
- Changing your passwords and adding two-factor authentication to your online accounts.
- Double-checking whether emails and phone calls asking for personal information are legitimate, even if they appear to come from trusted organisations.
- Checking your bank statements for any unfamiliar transactions.
If a data breach has had negative consequences for you – for instance, if it has led to financial losses or emotional distress – you may be entitled to claim compensation. Read on below to find out how.
Secure your data breach compensation with HNK Solicitors
So, now you have the answer to the question “what is a breach of GDPR?”. But you may have further questions, especially if you’ve been affected by a breach of GDPR yourself.
If your data has been exposed through a GDPR breach, you may understandably feel distressed. If the data is particularly sensitive, you may have faced personal embarrassment or a disruption to your professional life. You may have even been affected by identity theft or financial losses.
But if you’ve faced any of these negative consequences, it’s important to be aware that you have the right to seek compensation. If you think you could be entitled, your best option is to consult a solicitor with a detailed understanding of data breaches.
At HNK Solicitors, we’ve helped many clients secure compensation as a result of a data breach – take a look at some of our recent successes on our case studies page. We offer free consultations with no obligation, so get in touch today to discuss your case. You can call us on 0151 668 0809, email us at firstname.lastname@example.org, or fill out our contact form and we’ll be in touch.