Human error GDPR breach – legal advice

A huge volume of data breaches in recent years were caused by human error, and the frequency with which such breaches happen does not seem to be lessening. A human error GDPR breach can be no less serious than a mass cyberattack. In fact, it can be due to the mistake or overall negligence of employees that data hacks are allowed to occur in the first place.

In either scenario, vast amounts of information can end up being exposed.

It is simply unacceptable that failing to carry out basic data protection procedures is still a primary culprit of data leaks, even in today’s digital world. Data protection guidelines have been enshrined in law for many years now, and the GDPR should have further moved organsations to repair any holes in their defences, yet human error continues to provoke data breaches. Anyone who has fallen victim to such a data breach may be eligible to claim compensation for any damage caused to them, so contact us if you would like to be advised on your right to claim.

Examples of human error data breaches

There are many instances of data breaches where a few wrong clicks have triggered a mass data leak. One of the most common examples is that of accidental emails, whereby a data leak is caused when a sender accidentally attaches a personal data file, or forgets to anonymise the recipients of an email using the blind carbon copy (BCC) feature. This mistake was made in a human error GDPR breach at Bristol City Council, in which an employee mistakenly sent out the names and email addresses of children with disabilities and special educational needs in a mass email. It also happened in the infamous 56 Dean Street Clinic leak.

In reality, there are many platforms available for mass email campaigns, and the CC and BCC method is outdated and dangerous in our view.

In addition, on some occasions, a data breach can be caused when information is unintentionally made accessible online. This could be due to an accidental website publication or a failure to secure a database. For example, in the Virgin Media data breach, a marketing database was left unsecured for a ten-month period, such that email addresses, postal addresses and phone numbers were accessible to unauthorised users. Whilst the error should never have been made, it should have also been picked up by routine data security monitoring in our view.

We are currently representing claimants in a group action against Virgin Media.

Your rights under the GDPR

The GDPR is designed to hold those at the root of data protection negligence responsible for their actions, as well as preventing incidents from occurring. When a human error GDPR breach occurs, liability is not shifted onto a few employees – the whole business or organisation can be found negligent, as this is where ultimate responsibility lies.

In a GDPR claim, data breach victims could be eligible to claim for ‘material’ and ‘non-material’ damages. This can mean that compensation can cover financial losses and expenses and also the distress suffered.

We represent many claimants who have only suffered distress, so you do not need to have experienced a financial cost to be able to claim.

Start your claim for a human error GDPR breach

If you have suffered the harmful consequences of a human error GDPR breach, we encourage you to contact us for free, no-obligation advice on your potential claim.

Human error is never an excusable cause of a data breach, so you could be entitled to thousands of pounds in compensation under the GDPR.

Claims for the Robert Dyas data breach

Watford Community Housing email leak