As we mark the passing of the second anniversary of the GDPR, we take a brief look at what has changed and what needs to happen to make sure that this key piece of legislation is effective.
In terms of what has happened, the General Data Protection Regulation has put a greater onus on information processors to act more responsibly. It has also given the UK’s data watchdog, the Information Commissioner’s Office (ICO), far greater powers to impose more substantial penalties that could amount to 4% of an organisation’s global annual turnover. It triggered over-reporting by many organisations, perhaps out of worry about failing to adhere to the law. The system may have struggled to cope as a result of this.
But its introduction has been far from perfect in terms of it being a catalyst for change. Although we would always expect it to take time before such an important piece of legislation takes effect, a huge number of avoidable breaches have still taken place.
Deleting information can be done by request or in line with how data processors will store and use information. But what about intentionally erasing information that shouldn’t have been erased?
Although we’d like to think that this kind of thing wouldn’t happen, it does. Sometimes, organisations or the people working for them may opt to try and avoid the fallout of a problem by erasing information; i.e. ‘getting rid of the evidence’. This is wrong, and victims should know their rights when something like this happens.
As a leading firm of consumer action and data breach compensation lawyers, we represent victims in this kind of case. Here’s how we may be able to help you.
If the ICO take no further action, does this mean that you cannot make a claim? What if no fine is issued, can you still claim then? What are your rights?
The short answer is that no further action from the ICO (Information Commissioner’s Office) doesn’t mean that you cannot make a claim. Claims and fines are separate matters, and you could still be eligible for compensation either way.
As a leading firm of consumer action and data breach compensation experts, here’s the insight when it comes to ICO matters and your ability to receive compensation.
We’ve been contacted for help and taken formal instructions forward following customers being notified of the recent Robert Dyas data breach.
We’ve agreed to act for victims affected by the incident on a No Win, No Fee basis. The incident appears to be similar to a number of the group actions we’re already involved with. This includes the British Airways data breach action, which is the first GDPR Group Litigation Order (GLO) in England and Wales; an action we’re on the Steering Committee for. If you’ve received notification that you’re affected by this incident, you can speak to our team now for free, no-obligation advice.
As a leading firm of consumer action and data breach compensation experts, we’re here to help you.
There has reportedly been a potentially serious Portsmouth City Council data breach involving a stolen laptop that contained the data for adults and children.
It’s understood that the device was taken in November and may have contained information relating to family matters as well as health data and school information. In the wrong hands, this kind of data could be used for malicious purposes.
Council data breach compensation claims are one of the more common types of individual legal cases that we take forward. When data is exposed or stolen in such a way, the council could receive a fine and the victims can be entitled to make a claim for compensation too.
GDPR fines and compensation claims for victims are two separate things with separate avenues for recovering money in either case.
Although the GDPR means that fines can now hit the millions, none of that money is designed to be for the victims. Money recovered from financial penalties will normally end up in the treasury with other general government funds like taxes and fines. It can then be used for government spending.
When it comes to justice for victims, you can speak to us about a separate legal action where you can bring a claim for data breach compensation.
Here’s a question that we can answer – can the ICO investigate the police? If they can, how do people get the justice that they deserve as a victim of a data breach?
The reason we’re approaching this is because a lot of people are unsure when it comes to what rights they have for complaints and issues with the police. Some people feel that there’s no one to turn to when a wrong has been committed by the very service that’s there to enforce the law.
But the police are not above the law. Although many of us can be thankful for their hard work and for putting their own lives on the line for our safety, they must still comply with the law. This includes the Data Protection Act, and the ICO (Information Commissioner’s Office) can get involved.
The Dixons Carphone data breach fine has been formally issued by the Information Commissioner’s Office (ICO) for the maximum amount possible under the previous rules.
The cyberattack took place between July 2017 and April 2018, meaning the Data Protection Act 1998 applies as opposed to the GDPR that came into force just a month later. As such, the maximum fine that the retailer could face was £500,000.00, which is what the ICO has issued. Had the attack continued into the GDPR era, they could have faced fines in the hundreds of millions of pounds.
We’ve been representing victims of this data breach for some time now as expert data protection compensation lawyers with a wealth of experience in large consumer actions. As we know a great deal about this breach as it’s one of our live actions, we’re not surprised by the findings and the maximum fine being issued.
It’s official: the first GDPR fine in the UK has been issued to Doorstep Dispensaree for data protection breaches that spanned across a two-year period.
This one involves medical data, which is among the most personal and sensitive forms of data that there is. Medical data breach compensation claims account for a large proportion of the legal cases that we take forward because of how common they can be, and because of the impact on victims. The impact is often severe because this is the kind of information that we do not want to be misused or exposed.
The breach period, in this case, is between June 2016 and June 2018, which means that it just falls within the GDPR start period from May 2018. The Information Commissioner’s Office (ICO) was reportedly alerted to the breach by the Medicines and Healthcare Products Regulatory Agency (MHRA), which was conducting unrelated enquiries.
News of the New Year’s Honours List data leak incident rounded off what has been yet another year of leaks, breaches and hacks.
You can take it from us – as data breach experts – that news of this breach was nothing to be surprised about. We’re often asked for our expert insight by the media as we discuss what feels like a never-ending carousel of incident after incident, and this latest leak was yet another in what has been a big year for data breaches on the whole.
Our client numbers continue to grow given how often these kinds of incidents are taking place. When personal and sensitive information is misused or exposed, it’s important that victims know their rights.