Sharing Personal Information Without Consent UK – When Could I Claim?
By Danielle Fletcher. Last Updated 16th January 2024. You may be wondering if sharing personal information without consent in the UK is a data breach, and if so, could you make a claim? In this article, we will explain how sharing personal data could result in a personal data breach, and when you may be able to make a claim.
Crucially, consent is only one of the six lawful bases for processing data. The other five we will explore in further detail later on in this article. The Information Commissioner’s Office (ICO) is an independent body that oversees data protection law for UK residents. This includes legislation such as the Data Protection Act 2018 (DPA)and the UK General Data Protection Regulation (UK GDPR).
Further on in this guide, we will explain how this legislation sets out the eligibility criteria you must meet in order to claim. We will also explain how compensation in successful claims is calculated, and how a solicitor from our panel could help you through the claims process.
For more information about how sharing personal information without consent could result in a claim, contact our advisors. They can provide free legal advice when you get in touch by:
- Calling us on 020 3870 4868
- Filling in our online claim form
- Using the live chat feature for instant support
Select A Section
- What Is Personal Data?
- Could An Organisation Share Personal Information Without Consent In The UK?
- What Impact Could Sharing Personal Information Without Consent In The UK Have?
- What Could I Claim For An Organisation Sharing My Personal Information Without Consent UK?
- Get In Touch If A Company Shared Your Personal Information Without Consent
Personal data is defined under Article 4 of the UK General Data Protection Regulation (UK GDPR) as any information relating to an identified or identifiable natural person (known as a data subject). This is anyone who can be identified either directly or indirectly by an identifier. These include:
- Home address.
- Email address, except a communal email address, such as one assigned to employees at a business.
- National insurance number.
- Phone number.
- Date of birth.
In addition to this, Article 9 of the UK GDPR sets out extra protections for personal data that is sensitive in nature. This is known as special category data, and it includes:
- Racial or ethnic origins of a data subject.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic or biometric data.
- Information about a data subject’s health, such as medical records.
- Data about a subject’s sex life or sexual orientation.
However, there may be a lawful basis for sharing personal information without consent in the UK. In the next section, we look at these and when you may be eligible to make a claim if your personal data is breached.
You may be wondering if an organisation sharing private information without consent in the UK is a data breach. The ICO defines a personal data breach as a security incident that affects the integrity, confidentiality, or availability of your personal data.
In some cases, an organisation is able to share your personal data without your consent if they can first establish a lawful basis to do so.
The ICO lists these lawful bases as:
- Legal obligation.
- Vital interest.
- Public task.
- Legitimate interests.
Personal data is any information that could be used to identify you. If an organisation does not have a lawful basis to process your personal data and shares it without your consent, you might be eligible to make a data breach claim. However, there are specific eligibility criteria set out in Article 82 of the UK GDPR that you must meet.
In order to seek compensation for a data breach, you must prove that:
- The breach occurred due to the data controller or processor’s failure to comply with legislation. A data controller sets the means and purpose for processing, whilst the processor acts on their behalf.
- Your personal data was compromised in the incident.
- As a result of this breach, you suffered financial and/or emotional harm.
Contact our team today to learn more about when you could claim for a personal data breach.
How Long Do I Have To Claim For A Personal Information Data Breach?
If you have suffered financial harm or emotional distress as a result of an organisation sharing your private information without your consent, you may be eligible to make a claim for data breach compensation. However, you must start your claim within the correct time limit.
Typically, you’ll have six years to start a personal data breach claim. In contrast, if you claim against a public body, you have just one year to bring forward your claim.
Please don’t hesitate to contact our advisors if you are unsure whether you are within the time limit to make a claim for a breach of the UK GDPR. If an organisation is sharing your personal information, our advisors can give you free advice on what steps to take next.
A personal data breach can affect you in a number of ways. Personal data breaches can cause psychological injuries such as depression, anxiety, and distress. This can have effects on your personal relationships, education, and working life.
You may also suffer financial harm as a result of a personal data breach. For example, a breach of your credit card details may lead to criminals stealing money from your bank account. Or, access to your personal details may lead to identity theft, with fraudulent charges made on your credit card.
If you have suffered harm as a result of an organisation sharing your personal data without consent in the UK, contact our team today.
If your data breach claim is successful, your settlement could contain two heads. material and non-material damage. Non-material damage refers to the impact the breach had on your mental health, for example, if it caused you to suffer from anxiety or depression, then you may be able to claim non-material damage compensation.
To help when valuing non-material damage, those responsible for evaluating your case may refer to a document titled the Judicial College Guidelines (JCG). The JCG lists guideline compensation brackets for different types of mental harm.
In our table below, we look at a few figures from the latest edition of the JCG, but please note that these are only guidelines. It should be noted that the top figure is not from the JCG but included to show you how compensation could be awarded for both types of damage in a successful case.
|Injury Type & Severity
|Very Severe Psychological Damage and Material Losses
|Settlements may include compensation for very serious psychological harm and financial losses, including funds taken from your bank account.
|Up to £250,000+
|Psychiatric Damage – Severe
|Serious issues with work and relationships. The prognosis is extremely poor.
|£54,830 to £115,730
|Psychiatric Damage – Moderately Severe
|Same as above with slightly better prognosis.
|£19,070 to £54,830
|Psychiatric Damage – Moderate
|The prognosis is positive despite initial injury, with the improvement of symptoms shown by the time of trial.
|£5,860 to £19,070
|Psychiatric Damage – Less Severe
|The length of time affected is considered, along with the effect on sleep and day-to-day activities.
|£1,540 to £5,860
|PTSD – Severe
|All aspects of life badly affected with the prognosis looking very poor.
|£59,860 to £100,670
|PTSD – Moderately Severe
|Serious disability for a length of time, with a slightly more optimistic prognosis.
|£23,150 to £59,860
|PTSD – Moderate
|A large recovery is achieved, with remaining symptoms not significantly disabling.
|£8,180 to £23,150
|PTSD – Less Severe
|Full recovery anticipated within 24 months, with only minor symptoms that remain.
|£3,950 to £8,180
Your settlement may also include compensation for material damage. This covers the financial losses caused by the breach. For example, if you needed to take time off work because of the psychological effects of the breach, and this led to a loss of earnings, compensation could be awarded to address this.
One of our advisors can provide you with more information surrounding compensation for a data breach. They can also answer any further questions you have regarding claims for sharing private information without consent in the UK. Get in touch using the details at the top of this page to learn more.
When making a personal data breach claim, you may be interested in hiring a data protection solicitor from our panel. Our panel of solicitors offer legal representation for your claim under a Conditional Fee Agreement (CFA). This means that there are no upfront fees and no ongoing costs.
If your claim succeeds, then your solicitor will take a success fee. They will take this directly from your compensation. This fee is a percentage of your award, but there is a legal cap. In the event of an unsuccessful claim, you will not pay this fee.
Our advisors can tell you if you have a valid claim, and may be able to connect you with a solicitor from our panel. Get in touch to learn more:
Related Data Breach Guides
- Joint bank account data breach claims
- Counsellor data breach claims
- Probation officer data breach claims
Thank you for reading our guide on making a claim for sharing personal information without consent in the UK.
Article by NA