What is a Data Protection Breach?

Advice on identifying a Data Breach

Article 4 of the General Data Protection Regulation (GDPR) defines a data protection breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.” This definition is quite broad and therefore it is important that you can identify when a data breach has occurred no matter how minor the breach may seem. It is also important that you are aware of your rights.

Personal data breaches are:

  • access by an unauthorised third party
  • deliberate or accidental action or inaction by an organisation
  • sending personal data to an incorrect recipient, for example an email or letter
  • theft of personal data
  • alteration of personal data without permission

Here are some practical examples:

The theft of an organisation’s customer database, the data of which may be used to commit identity fraud. It is the organisation’s responsibility to keep your personal data safe and secure. If an organisation fails in this duty you have the right to make a claim for compensation. As result example of such a breach was the case involving British Airways in which the data of 500,000 customers was compromised.

A GP suffers a breach that results in an accidental disclosure of patient records. There is likely to be a significant impact on the affected patients because of the sensitivity of the data and their confidential medical details becoming known to others.

A school discloses the records of pupil which includes safeguarding measures to another pupil or parent. Again, this is likely to have a serious effect on the pupil in question and is likely to cause a great deal of distress and anxiety.

An organisation disclosing the name, address and contact number to a third party organisation without the permission from the individual in question. The third party organisation then use the personal data to make nuisance sales and marketing calls for an extended period of time.

A bank accidently sends an email containing the account details of a customer to the wrong recipient. This has the potential to cause serious financial problems for the customer given the risk of cybercrime and identity theft.

Data protection breaches can cause financial harm as well as distress and psychological harm in the form of anxiety, worry, embarrassment or feelings of violation.

Financial Harm

If your personal data has been breached you could find your self a victim of identity theft or cyber theft. Criminals could use your identity to open bank accounts or credit cards or they could use your personal data to steal from your bank account, credit cards or any other online payment method. It is important to keep yourself safe from online threats however if you have been a victim of identity or cyber theft, we can help.


Regardless of whether you have suffered any financial loss you can still make a claim if the data breach has caused you distress.
Data protection breaches can have a significant impact on the victim. If you have suffered from upset, anxiety, embarrassment or the breach has caused you physical injury or symptoms, please complete our claim form and we will help you claim for compensation.

If you have been the victim of a data protection breach you have the right to compensation. Get in touch via our website and our team will review your claim and start the compensation process.