Do you know what a personal data breach is?

legal updates

If a security incident has taken place, you should quickly establish whether a personal data breach has occurred. If yes, promptly take steps to address it, including telling the ICO if required. You need to keep a log of any breaches, record the details, and actions taken.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

Recently I was asked about a personal data breach and what action should be taken. The query prompted me to focus this legal update on such occurrences. Personal data breaches are not a subject matter that we discuss every day, so it is very important for our members to be reminded of their responsibilities.

The Information Commissioner’s Office (ICO) defines a personal data breach as:

“A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.”

Examples of personal data breaches are:

  • Allowing unauthorised third parties access to your computer by leaving your device unlocked and/or unattended.
  • Personal data being lost or stolen, i.e., leaving a company laptop/tablet on public transport.
  • Sending personal data to the wrong person, such as an email containing a customer’s details being sent to the incorrect recipient.

If a security incident has taken place, you should quickly establish whether a personal data breach has occurred. If yes, promptly take steps to address it, including telling the ICO if required. You need to keep a log of any breaches, record the details, and actions taken.

Now, you are probably thinking most of us have, accidentally and/or unknowingly, sent emails to the wrong person. However, you must assess the risk of what was contained in the email and the potential of what the incorrect recipient will do with the information.

The focus of risk regarding breach reporting is on the potential negative consequences for individuals. Recital 85 of the UK GDPR explains that:

“A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identify theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned”

If a breach is likely to result in a high risk to the rights and freedoms of individuals, the UK GDPR says you must inform those concerned directly and without undue delay. In other words, this should take place as soon as possible.

If you have any concerns regarding personal data breaches, we suggest you visit the ICO’s website https://ico.org.uk/ Alternatively, you can always contact the Lawgistics legal helpline for advice and assistance.

HowdenCompetitive, comprehensive, quick

One of the largest independent specialist motor trade brokers in the UK. Our extensive history of supplying insurance to the motor trade means we understand your business needs. By partnering with a specialist insurance broker like us, you get exactly what you need to protect your business.

John McDougallLegal AdvisorRead More by this author

Related Legal Updates

Time to review your privacy policy?

Our members should be aware of whom they are sharing their data with, and ensure any third-party companies are registered with the ICO.

Data Protection is real and mistakes can cost your business

Most fines from the ICO are against large companies that send out unsolicited marketing messages.

Are you ready for the UK’s data landscape change?

The ramifications for not having the correct policy and procedures in place could be costly, not only by a fine from the ICO for not paying your fee, but also by being reported for data breach

Goodbye 2021, hello 2022!

Despite an excess of 100 different commission claims hitting the Lawgistics’ desks, not one single dealer has had to part with their money.

Used cars – a treasure trove of personal data and a data breach in the making

Modern cars pair with smart phones and other electronic devices via Bluetooth or USB and absorb huge amounts of our personal data.

Police ordered to disclose information

Citing the provisions of the Data Protection Act 2018.

£820 out of pocket due to a data breach

Ex-employee admitted to three offences of unlawfully obtaining personal data.

Get in touch

Complete the form to get in touch or via our details below:

Phone
01480 455500
Address

Vinpenta House
High Causeway
Whittlesey
Peterborough
PE7 1AE

By submitting this quote you agree to our Terms & Conditions and Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.