Your data Handler Has A Duty To Protect It
GDPR Breach Claims
The General Data Protection Regulation (GDPR) is an EU Directive (or law) that the UK has incorporated within its own law.
In the UK, the Data Protection Act 2018 recently replaced the old Data Protection Act of 1998 and introduced additional protections.
This new act gives unprecedented legal rights to people who have personal information stored with other parties.
For some businesses, data on what customers purchased, how they purchased it, why they purchased it, where they purchased it from etc. is used as vital business growth information.
Unfortunately, you as an individual had very little authority on how your data was being used, and what data was being collected.
As we progress in a data hungry world, more and more information was being collected and which gave way for the 1998 Act to be reviewed and repealed (replaced) with the GDPR.
What is GDPR?
General Data Protection Regulation
In 2018 the data protection act was released with new GDPR legislation.
The GDPR gives you, the supplier of data, more choice, protection and visibility on how your data is collected, used and stored. It is also easier than before to choose to opt in and opt out of certain data being collected.
The GDPR guidelines also tell companies how they must protect sensitive and personal information that their customers give them.
In today’s online frenzy, it is not unheard of for companies conducting millions of transactional data per day. Storing countless amounts of data and information from each transaction and cross-referencing them against other databases to get a better picture of their customer.
This data, however collected, needs to be stored and saved somewhere secure and made inaccessible to the public and / or encrypted so it cannot be deciphered.
There are also employee guidelines that protect your data from employees.
A data breach is when you have had your data stolen or passed without your consent or knowledge.
A severe data breach is when your data is personal and sensitive, e.g. Your bank details, your medical records, your legal history etc. This is a serious GDPR Breach, and can cost you money, stress and time to put right.
Recent data breaches adn GDPR Breach cases have been covered heavily on the news. Some companies in the list below may surprise you, but your information may have been on their database.
Below is a list of companies that have had a documented GDPR Breach since the turn of the century (in no particular order):
- Adobe – October 2013 | 153 million records stolen
- Adult Friend Finder – October 2016 | 412.2 million accounts
- Canva – May 2019 | 137 million accounts
- Ebay – May 2014 | 145 million users
- Equifax – July 2017 | 147.9 million users
- Dubsmash – December 2018 | 162 million users
- Heartland Payment Systems – March 2008 | 134 million credit cards exposed
- LinkedIn – 2012 AND 2016! | 156 million user accounts
- Marriot International – 2014 – 2018 | 500 million customers
- My Fitness Pal – February 2018 | 150 million user accounts
- MySpace – 2013 | 360 user accounts
- NetEase – October 2015 | 235 million user accounts
- Sina Weibo – March 2020 | 538 million accounts
- Yahoo – 2013 to 2014 | 3 billion user accounts
- Zynga – September 2018 | 218 million user accounts
- Boots Advantage Card – March 2020 | 150,000 people.
- Virgin Media – April 2019 to Feb 2020 | 900,000 people.
- Tesco Clubcard – March 2020 | 600,000 customers
- MGM Resorts – 2019 | 10.6 million guests
- Facebook – 419 million telephone number left exposed (18 million British users)
- Suprema – August 2019 | over 1million fingerprints and face recognition information.
- Cathay Specific – 9.4 million passengers
- British Airways – August 2018 to September 2018 | 380,000 card details
- Carphone warehouse – June 2018 | 10 million compromised accounts
- Ticketmaster – February 2018 to June 2018 | 5% of customers (figure not given)
- Uber – 2017 | 57 million uber users
- SystemONE (GP Surgery information) – March 2017 | 26 million patients
- Three – November 2016 | 200,000 customers
- Bupa – July 2017 | 108,000 customers
- TalkTalk – 2015 | 150,000 customers
- EasyJet – May 2020 | 9 million customers
Identity theft is one of the serious repercussions of a data breach; new accounts made by criminals using your identity and details, this is not what you signed up to when you made the initial transaction.
Its important to report suspicious activity on your account, clear it straight away with your lender or bank immediately.
Once a GDPR breach happens, it is regulation for the company to contact you to inform you that your data has been compromised, stolen or made visible to a third party.
Once you have received this letter, you should contact your bank and change all possible related passwords and account details.
Your details may already be in the market with transactions happening behind the scenes.
The letter that is sent to you by the company is an admission of liability. Keep this safe and get in touch with us.
We have specialist GDPR lawyers and data protection experts who can swiftly get you compensation for the breach. From £500 to £50,000 depending on the severity of the data breach.
Remember, it’s your personal data. It’s your right to claim if the company in charge of keeping your data safe, simply hasn’t done what they should have and kept your personal data safe.