Data breach lawyers in London and Thames Valley

A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Data breaches cover a wide range of incidents. Some common examples include:

• Sending personal data to the wrong email recipient
• Proving data following a phishing scam
• Hacking of passwords, email accounts, networks and systems
• Accessing personal data on lost laptops or mobile devices
• Theft or loss of hard copy documents

All data breaches must be recorded by the controller, but only breaches which are likely to result in a risk to individuals’ rights and freedoms must be proactively notified to the ICO and only high risk breaches must be proactively notified to the individuals whose personal data is affected which must be assessed on a case-by-case basis and will be dependent on whether such individuals are likely to suffer harm as a result of the data breach.

The penalties for not complying with the data protection principles in UK GDPR law includes fines of up to £17.5 million or 4% of a company’s total worldwide annual global turnover.

Failing to notify a breach when required to do so can result in administrative fines of up to £8.7 million or 2% of annual global turnover, whichever is higher.

When deciding whether to make a report, you must consider the risk to the individual including the nature of the personal data, the severity of the breach, the possible consequences for the individual.

A data breach should be reported without undue delay (if it meets the threshold for reporting) and within 72 hours of becoming aware of the breach.