The EU’s General Data Protection Regulation (GDPR) underpins the UK’s data protection regime. Under the GDPR, any organisation that handles personal information must use robust measures to keep this data safe. The more you know about the GDPR, the easier it is to hold organisations to account when they fail to protect your data rights.
The GDPR is an EU law on data protection and privacy. It establishes how your personal information can be used by organisations, businesses and the government.
Despite Brexit, all UK organisations must comply with the GDPR as the UK chose to implement its version of the law after the transition period ended (UK GDPR). In the UK, the Data Protection Act (DPA) 2018 is the UK’s interpretation of the GDPR.
Under GDPR, people have a right to be notified if their personal data is being used or stored. This includes why an organisation uses your data, how it is using it, what type/types of data it is using, how long the data will be kept, if it shares this data with any third parties, and more. A failure to provide this information could be a data protection breach.
Personal data includes any information that can be used to identify a specific individual – either on its own or along with other information. This could be a name, email address, financial information or even an IP address.
To access many of your GDPR data rights, you need to make a data subject access request (DSAR/SAR). You do not have to pay to make a DSAR. However, if you ask for extra copies, or if you ask for something that is ‘manifestly unfounded or excessive’, the organisation might charge a reasonable fee for administrative costs.
Data protection law requires organisations to respond to a request for data within one calendar month. However, they might need extra time to consider your request and, if so, can take an additional two months to do this. The organisation must let you know within one month if it needs more time and why. If the requested information is not provided in the timeframe, you can raise a complaint with the ICO. A refusal to respond to such a request within the legal timeframe could be a GDPR breach.
You can make a subject access request at any time. For example, many of our clients at Keller Postman UK make DSARs to start the compensation claim process following a data breach. If you decide that you want to make a SAR, there are some steps you should take…
An organisation can refuse a request if it believes the request to be ‘manifestly unfounded or excessive’. But if you think your request has been rejected unjustly, you can raise a complaint with the organisation in question and, if you remain dissatisfied, with the ICO.
When it comes to GDPR failures and abuses, most people think about data breaches.
A data breach refers to any situation where data has been put at risk. This can happen when criminals break into an organisation’s systems to steal information or, more commonly, because of simple human error and poor data protection processes.
But GDPR violations are not just about data breaches. A GDPR failure can happen when companies fail to uphold any of your individual data rights.
At Keller Postman UK, our data protection team is committed to making sure that people across England & Wales understand their data protection rights. And, if your rights have been violated by an organisation breaching any part of the GDPR/Data Protection Act, we may be able to help you to claim compensation. For example, in addition to our various data breach group actions, we support clients who have experienced GDPR violations because of facial recognition software and algorithmic and automated decision-making processes.
When it comes to legal support, big organisations have deep pockets. And they are smarter and better resourced than ever before. So, it can be difficult for some law firms to stand up to such strength if they do not have data breach expertise or the resources to take the big players on.
At Keller Postman UK, we do not just even the score – we take the fight to them.
Our data breach team has the legal expertise and resources necessary to take on the corporate giants. What is more, the strength and means of our firm ensure that we never have to back down from a challenge. And with access to whatever resource we need – be that time to go the long-haul or the expertise to delve deep into the evidence – we have everything it takes to win.