The third anniversary of the GDPR – how much has changed?

sign-up for a Virgin Media data breach

May 2021 marked the third anniversary of the GDPR (General Data Protection Regulation) which was implemented in the EU and adopted in the UK in 2018. Seen as a landmark moment, the new piece of data protection legislation forced many businesses and other data controllers to drastically rethink their approach to personal information.

However, now three years have passed, the GDPR’s impact is questionable. Thousands of data breaches are reported to the Information Commissioner’s Office (ICO) every year, with the biggest incidents often affecting hundreds of thousands or even millions of consumers. We are representing victims for some of the most damaging data breaches of the last three years, including those at British Airways, easyJet and Virgin Media.

The GDPR may have failed to influence some businesses to change their ways, but it can entitle victims to make a compensation claim in the event that their data protection rights are breached. While so many data breaches continue to happen, we are here to support those affected to claim the compensation pay-outs that they deserve.

Why was the GDPR introduced?

Before, the primary data protection law in the UK was imposed as long ago as the 1990s, and legislation needed a dramatic update to account for how the growth of digital technology and the internet has changed the ways in which personal information is shared, processed and stored. Moreover, the GDPR was said to empower individuals, giving them greater control over their information and the ways in which it is used by third parties.

Now, on the passing of the third anniversary of the GDPR, it is unclear how much protection the law has afforded data subjects in real terms.

The third anniversary of the GDPR – what has the impact been?

Although the ICO has taken enforcement action against a number of organisations that have breached the law, on the third anniversary of the GDPR, there still seems to be a lack of accountability. The threat of fines does not seem to have affected attitudes. Towards the end of 2019, one survey suggested that almost half of UK businesses were not fully compliant with the GDPR. It is uncertain how much progress has been made since this point in time.

Still, many breaches are being caused by human error, suggesting that employee mistakes remain at the heart of many companies’ data security incidents. This worrying notion implies that many breaches could be avoided if staff were trained correctly and better aware of the needs and requirements associated with the GDPR.

What can victims of data breaches do?

In the event of a data breach, victims can assert their rights in accordance with the GDPR by making a compensation claim. The law can account for the “material” and “non-material” effects of data breaches, allowing claimants the opportunity to recover compensation for the financial losses and expenses caused, as well as for any distress suffered as a result of the incident.

Since the GDPR, many law firms have begun pursuing data breach claims. We were ahead of the curve, having represented clients for privacy matters since as far back as 2014. Now, as we mark the third anniversary of the GDPR, we have developed specialist expertise in this emerging area of law, playing leading roles in some of the biggest data breach group actions of the past few years.

If you are considering making a data breach claim, do not hesitate to contact us for free, no-obligation advice on your potential compensation claim.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.