Breaches of Data Protection Act

Meet the team

In recent years, with the introduction of the Data Protection Act 2018 – a new piece of legislation building on regulations laid out by its predecessor in 1998 – and the implementation of the General Data Protection Regulation or GDPR, data protection has become a sensitive legal focus across Europe.

So what happens if you have been accused of a breach of the Data Protection Act 1998 or 2018?

How can DPP Law Help?

If you or your company has been reported to the Information Commissioner’s Office (ICO) for data protection criminal offences, you must act quickly to ensure that you have the best defence possible.

The team at DPP Law has more than 30 years’ experience in defending against prosecutions under the data protection act. Our solicitors will build a strong defence based on evidence that you provide.

Depending on the circumstances of the alleged offence, we may be able to argue that the data in question was accessed or utilised in order to prevent crime or to act in the public interest, that you had the legal authority or were required by law to do so, or that you had reason to believe that you were not committing a breach at all.

Implications of Data Protection Act Offences

If you are found guilty of Data Protection Act criminal offences, not only will you be liable to pay considerable fines, but your company and its governing or management team may also be prosecuted if it is believed that inadequate procedures for the prevention of the offence were in place at the time.

Data Protection Act Sentencing Guidelines  

If prosecutions under the Data Protection Act that are brought against you or your company are successful, it is likely that you will be forced to pay an as-yet unlimited fine.

While the amount in question most commonly stands between a few hundred and a few thousand pounds, there have been recent instances of fines against organisations entering the tens or hundreds of thousands for breaches of the data protection act.

Breach of Data Protection Act Examples

Under Section 55, Data Protection Act 1998, you or your company may be prosecuted if you have shared personal details or one or more customers or clients – such as their telephone number, email address, home address, medical records, their recruitment and employment information or details of their interactions with the police – with a third party without their consent.

This however, is just one of the many circumstances under which you may be investigated for a breach of the Data Protection Act 1998 or 2018 – see below for more.

Information Related to Breaches of the Data Protection Act

An individual or company may be accused of any of the following data protection act criminal offences and more:

  • The unlawful obtaining, disclosing, retaining or procuring of personal data (Section 170, Data Protection Act 2018 – formerly Section 55, Data Protection Act 1998). This refers to the offence of interacting with an individual’s private data without explicit and clear consent.
  • The failure of an individual or company to allow or assist an individual to access personal data that is stored, or providing false information when such a request is made (Section 119 and Section 144, Data Protection Act 2018).
  • Destroying or altering important data or falsifying information (Section 148 and Section 173, Data Protection Act 2018).
  • Publicly identifying an individual in relation to particular information that had previously been rendered anonymous for purposes of data protection. (Section 171, Data Protection Act 2018).

Frequently Asked Questions

What constitutes a breach of Data Protection Act 1998 or 2018?

There are many transgressions which may be classed as Data Protection Act criminal offences, the most famous being Section 170 of the Data Protection Act 2018, which recently replaced Section 55, Data Protection Act 1998 and states that personal data cannot be  obtained, retained or disclosed without the consent of the individual to whom it relates. You’ll find all other offences related to the Data Protection Act via

What happens if a company breaches the Data Protection Act?

If your organisation has committed a data breach or otherwise committed an offence under the Data Protection Act, not only will the individuals directly involved become the subject of an investigation by the ICO, but, under Section 198 of the 2018, the company that employs them, along with its directors, may be considered liable too.

If found guilty, both the individuals and the company will be required to pay what may amount to a considerable fine, potentially alongside compensation for the victim. Should the transgression be publicized, consumer trust in the company is also highly likely to fall – meaning that committing the offence can have severe knock-on effects when it comes to the future of the organisation.

What will the ICO do in response to a Data Protection Act breach?

The ICO, or Information Commissioner’s Office, is able to serve Enforcement Notices if they are made aware of any breaches. This means that they can lay down rules that a company is legally required to follow in order to properly comply with the Data Protection Act and GDPR. If you fail to adhere to the terms of this notice, they may then prosecute you or your company. They may also issue fines of £1,000 as the result of any breach or compliance failure.

If you have been accused of breaches of the Data Protection Act, make contact with the specialists at DPP Law today.


Send us a message
Leave us your details and we will get back to you.

Your personal data is private and will only be used by DPP Law Ltd in accordance with our Privacy Policy, click here for full details.

Call Us
Contact us right now on:
phone0333 200 5859
24 hours a day,

7 days a week

365 days a year.

Call Us