Welcome to this guide on whether sharing an email address is a breach of GDPR. The General Data Protection Regulation (GDPR) is a set of rules that were introduced in 2018 to protect the privacy of individuals within the European Union (EU). The regulation requires organisations to obtain consent before collecting, processing, and sharing personal data. Therefore, sharing an email address without authorisation could be a breach of GDPR. The UK’s application of GDPR is enshrined in law in the Data Protection Act 2018 in the UK.
If you have been affected by an incident that could lead to a data breach claim, you may be entitled to compensation for any harm caused by the breach. This harm could include financial losses, emotional distress, and even identity theft.
This guide will cover incidents that could lead to data breach claims, the harm that could be caused by sharing an email address without authorisation, and how to calculate compensation. It will also provide information on how to seek legal assistance to make a data breach claim.
If you believe that sharing an email address has caused you harm, an advisor can help you work out whether you could be eligible for data breach compensation. They can also connect you with a data breach solicitor from our panel who can assist you in making a No Win No Fee data breach claim.
Why not get in touch with an advisor to find out more. You can get in touch by:
Sharing An Email Address and GDPR Breach Claims Explained
The Data Protection Act 2018 is a law that governs the processing of personal data in the UK. The Act aims to protect the privacy of individuals by regulating the collection, use, and storage of personal data by organisations. The Act requires organisations to obtain consent before processing personal data, and to ensure that the data is accurate, secure, and kept for no longer than necessary.
Email addresses are considered personal data under the Data Protection Act 2018, and therefore must be treated with the same level of protection as other personal information. If an unauthorised party obtains access to an email address, they may be able to use it for phishing scams, identity theft, or other fraudulent activities. They could also use it in combination with other data to access financial accounts.
To be eligible for compensation for an email address data breach, you must have suffered harm as a result of the breach. This harm could include financial loss, emotional distress, or damage to your reputation. You must also be able to prove that the breach was caused by the wrongdoing of the organisation that held your data.
Evidence that you may need to support your claim could include copies of any emails or correspondence related to the breach, any financial losses you have suffered, and any medical or psychological reports relating to emotional distress.
How Long Do I Have To Claim Compensation If Sharing An Email Address Is A Breach Of GDPR?
Under the UK GDPR, individuals generally have a six-year time limit to bring a compensation claim for damages resulting from a data breach. This six-year time limit typically starts from the date of the breach. However, for some claims, this limitation period may be shorter.
It is important to note that it is still advisable to act as quickly as possible if you believe you have suffered harm as a result of a data breach. This is because the longer you wait, the harder it may be to gather the evidence needed to support your claim.
A solicitor can help you to assess your case, gather the necessary evidence, and advise you on your chances of success in making a claim for compensation within the relevant time limit.
How Could An Organisation Wrongfully Share My Email Address And Cause Me Harm?
Organisations can wrongfully share your email address in a number of ways, and this can cause you harm in various ways. Here are some examples:
- Email spam and phishing scams: If an organisation shares your email address without your consent, it could end up in the hands of spammers and scammers. You may start receiving a large number of unsolicited emails, some of which may be phishing scams designed to steal your personal information or infect your device with malware.
- Identity theft: If an organisation shares your email address along with other personal information, such as your name, address, and date of birth, it could make it easier for fraudsters to steal your identity. They may use this information to open accounts in your name or make fraudulent purchases, causing you financial harm.
- Breach of privacy: If an organisation shares your email address with a third party without your consent, this could be a breach of your privacy. You may feel that your personal information has been violated, and this could cause you emotional harm.
In all of these cases, if you have suffered harm as a result of an organisation wrongfully sharing your email address, you may be eligible for compensation. A solicitor can help you to assess your case and advise you on your options for making a claim.
Example Of A Company That Breached Email Data
One example of a fine issued by the ICO for an email data breach occurred in 2018. This involved a company called Uber, which was found to have failed to protect the personal data of its users.
In this case, Uber had suffered a data breach that exposed the personal data of around 57 million users worldwide. The breach included email addresses, names, and phone numbers, among other information. The ICO found that Uber had not taken appropriate steps to protect this data, and as a result, the breach had occurred.
The ICO fined Uber £385,000 for the breach, which was one of the highest fines ever issued by the regulator at the time. The fine was based on the fact that a lack of security measures had caused the breach, and that the personal data of millions of individuals had been exposed as a result.
Damages For Sharing An Email Address Causing A Breach Of GDPR
If an organisation wrongfully shares your email address and causes a breach of GDPR, you may be entitled to claim compensation for the damages you suffer. Damages can include both material and non-material losses.
Material damages are those that are quantifiable, such as financial losses, expenses incurred, or the cost of replacing equipment. For example, if you have suffered financial losses as a result of an email data breach, you may be able to claim compensation for these losses.
Non-material damages, also known as “pain and suffering” damages, are those that are not easily quantifiable. They include losses such as emotional distress, anxiety, or reputational harm. For example, if an email data breach has caused you to experience anxiety or distress, you may be able to claim compensation for these non-material damages.
How Much Compensation Could I Receive?
If you’re considering making a non-material damages claim for harm suffered from someone sharing your email address causing a breach of GDPR, you may be curious about the potential compensation amounts you could receive. While there’s no definitive answer to this question, we’ve provided some general guidelines based on the 2022 edition of the Judicial College Guidelines, which are commonly used to value claims in England and Wales.
The amounts below are based on different types of psychological injuries that may be compensated for in a data breach claim:
- Severe Psychological Injury: £54,830 to £115,730
- Moderately Severe Psychological Injury: £19,070 to £54,830
- Moderate Psychological Injury: £5,860 to £19,070
- Less Severe Psychological Injury: £1,540 to £5,860
It’s important to remember that these are only guidelines and that each case is unique. Compensation amounts will depend on the specific circumstances of the breach and the harm caused.
No Win No Fee Claims If Sharing An Email Address Is A Breach Of The GDPR
A No Win No Fee agreement could help alleviate some concerns you might have about paying for a lawyer to help you with your claim. Also known as a Conditional Fee Agreement, this type of agreement enables you to obtain legal assistance without paying any upfront legal fees. Your lawyer will only receive a fee if your claim is successful, and this fee will be deducted from your compensation award.
Our panel of experienced data breach solicitors can assist you in making a claim under a No Win No Fee agreement if you meet the eligibility criteria. An advisor can provide expert advice on the strength of your claim, the amount of compensation you might be entitled to, and guide you through the claims process.
If you’re unsure whether you’re eligible to make a claim or want to learn more about how we can assist you, contact us today.
- You can call us on 0800 408 7827 and connect with an advisor
- Contact us here
- Or speak to us via live chat.
Is Sharing An Email Address A Breach Of GDPR? – Further Resources
Spam Emails – Insight from the ICO about spam emails.
Make A Complaint – The ICO website contains details about making a complaint.
The Limitation Act 1980 – Legislation covering how long a person might have to make a claim.
GDPR Claim – Our general guide on making a GDPR claim.
Email Data Breach – Find out whether you could claim for an email data breach.
How Much Compensation – Work out what you could claim for.