Sharing Personal Information Without Consent UK – When Could I Claim?
By Danielle Fletcher. Last Updated 11th March 2025. You may be wondering if sharing personal information without consent in the UK is a data breach, and if so, could you make a claim? In this article, we will explain how sharing personal data could result in a personal data breach, and when you may be able to make a claim.
Crucially, consent is only one of the six lawful bases for processing data. The other five we will explore in further detail later on in this article. The Information Commissioner’s Office (ICO) is an independent body that oversees data protection law for UK residents. This includes legislation such as the Data Protection Act 2018 (DPA)and the UK General Data Protection Regulation (UK GDPR).
Further on in this guide, we will explain how this legislation sets out the eligibility criteria you must meet in order to claim. We will also explain how compensation in successful claims is calculated, and how a solicitor from our panel could help you through the claims process.
For more information about how sharing personal information without consent could result in a claim, contact our advisors. They can provide free legal advice when you get in touch by:
- Calling us on 020 3870 4868
- Filling in our online claim form
- Using the live chat feature for instant support
Select A Section
- What Is Personal Data?
- Could An Organisation Share Personal Information Without Consent In The UK?
- The Six Lawful Bases For Sharing Personal Data
- What Impact Could Sharing Personal Information Without Consent In The UK Have?
- What Could I Claim For An Organisation Sharing My Personal Information Without Consent UK?
- Get In Touch If A Company Shared Your Personal Information Without Consent
What Is Personal Data?
Personal data is defined under Article 4 of the UK General Data Protection Regulation (UK GDPR) as any information relating to an identified or identifiable natural person (known as a data subject). This is anyone who can be identified either directly or indirectly by an identifier. These include:
- Name.
- Home address.
- Email address, except a communal email address, such as one assigned to employees at a business.
- National insurance number.
- Phone number.
- Date of birth.
In addition to this, Article 9 of the UK GDPR sets out extra protections for personal data that is sensitive in nature. This is known as special category data, and it includes:
- Racial or ethnic origins of a data subject.
- Political opinions.
- Religious or philosophical beliefs.
- Trade union membership.
- Genetic or biometric data.
- Information about a data subject’s health, such as medical records.
- Data about a subject’s sex life or sexual orientation.
However, there may be a lawful basis for sharing personal information without consent in the UK. In the next section, we look at these and when you may be eligible to make a claim if your personal data is breached.
Could An Organisation Share Personal Information Without Consent In The UK?
You may be wondering if an organisation sharing private information without consent in the UK is a data breach. The ICO defines a personal data breach in general terms as an incident of security that impacts the confidentiality, integrity or availability of personal information.
Personal data is any information that could be used to identify you. If an organisation does not have a lawful basis to process your personal data and shares it without your consent, you might be eligible to make a data breach claim. However, there are specific eligibility criteria set out in Article 82 of the UK GDPR that you must meet.
In order to seek compensation for a data breach, you must prove that:
- The breach occurred due to the data controller or processor’s failure to comply with legislation. A data controller sets the means and purpose for processing, whilst the processor acts on their behalf.
- Your personal data was compromised in the incident.
- As a result of this breach, you suffered financial and/or emotional harm.
Contact our team today to learn more about when you could claim for a personal data breach.
How Long Do I Have To Claim For A Personal Information Data Breach?
If you have suffered financial harm or emotional distress as a result of an organisation sharing your private information without your consent, you may be eligible to make a claim for data breach compensation. However, you must start your claim within the correct time limit.
Typically, you’ll have six years to start a personal data breach claim. In contrast, if you claim against a public body, you have just one year to bring forward your claim.
Please don’t hesitate to contact our advisors if you are unsure whether you are within the time limit to make a claim for a breach of the UK GDPR. If an organisation is sharing your personal information, our advisors can give you free advice on what steps to take next.
The Six Lawful Bases For Sharing Personal Data
Contrary to what people may believe, sharing personal information without consent in the UK does not always constitute wrongful conduct under the UK GDPR. In order to be compliant with the law, an organisation must meet at least one of these bases and be able to justify its actions.
The six lawful bases are as follows:
- Consent: data can be shared where a data subject has given permission for their data to be used. Organisations must be clear on how and why personal data is to be used, and the data subject must opt-in, rather than opt-out of the usage.
- Contract: where the use of personal data is required to fulfil a contract, for example, when purchasing something online, the seller will share your address with the courier or postal services.
- Legal obligation: where laws require the sharing of personal data, such as an employer sharing your details with the workplace pension provider.
- Vital interest: this is when the sharing of personal data is required to protect life. For example a person’s life is at risk, medical information will need to be shared with the hospital.
- Public task: data that is necessary for carrying out tasks in the public interest. A lot of public authorities use this basis.
- Legitimate interests: the broadest and most difficult to define bases. The ICO stipulate that legitimate interests require clear and specific benefits or outcomes that are balanced against the individual’s interests.
Where there is no lawful basis to process personal data, a claim could be made. Check if you’re eligible to sue an organisation for sharing personal data without consent by talking to our advisors today.
What Impact Could Sharing Personal Information Without Consent In The UK Have?
A personal data breach can affect you in a number of ways. Personal data breaches can cause psychological injuries such as depression, anxiety, and distress. This can have effects on your personal relationships, education, and working life.
You may also suffer financial harm as a result of a personal data breach. For example, a breach of your credit card details may lead to criminals stealing money from your bank account. Or, access to your personal details may lead to identity theft, with fraudulent charges made on your credit card.
If you have suffered harm as a result of an organisation sharing your personal data without consent in the UK, contact our team today.
What Could I Claim For An Organisation Sharing My Personal Information Without Consent UK?
If your data breach claim is successful, your settlement could contain two heads. material and non-material damage. Non-material damage refers to the impact the breach had on your mental health, for example, if it caused you to suffer from anxiety or depression, then you may be able to claim non-material damage compensation.
To help when valuing non-material damage, those responsible for evaluating your case may refer to a document titled the Judicial College Guidelines (JCG). The JCG lists guideline compensation brackets for different types of mental harm.
In our table below, we look at a few figures from the latest edition of the JCG, but please note that these are only guidelines.
Compensation Table
It should be noted that the top figure is not from the JCG but included to show you how compensation could be awarded for both types of damage in a successful case.
| Injury Type & Severity | Severity | Compensation Range |
|---|---|---|
| Very Severe Psychological Damage and Material Losses | Very Severe | Up to £500,000+ |
| General Psychiatric Injury | Severe (a) | £66,920 to £141,240 |
| Moderately Severe (b) | £23,270 to £66,920 | |
| Moderate (c) | £7,150 to £23,270 | |
| Less Severe (d) | £1,880 to £7,150 | |
| Post-Traumatic Stress Disorder | Severe (a) | £73,050 to £122,850 |
| Moderately Severe (b) | £28,250 to £73,050 | |
| Moderate (c) | £9,980 to £28,250 | |
| Less Severe (d) | £4,820 to £9,980 |
Your settlement may also include compensation for material damage. This covers the financial losses caused by the breach. For example, if you needed to take time off work because of the psychological effects of the breach, and this led to a loss of earnings, compensation could be awarded to address this.
One of our advisors can provide you with more information surrounding compensation for a data breach. They can also answer any further questions you have regarding claims for sharing private information without consent in the UK. Get in touch using the details at the top of this page to learn more.
Get In Touch If A Company Shared Your Personal Information Without Consent
When making a personal data breach claim, you may be interested in hiring a data protection solicitor from our panel. Our panel of legal experts can offer to represent eligible claimants under Conditional Fee Agreement (CFA). This No Win No Fee contract means there are no upfront or ongoing fees imposed during your claim.
If your claim succeeds, then your solicitor will take a success fee. They will take this directly from your compensation. This fee is a percentage of your award, but there is a legal cap. In the event of an unsuccessful claim, you will not pay this fee.
Our advisors can tell you if you have a valid claim, and may be able to connect you with a solicitor from our panel. Get in touch to learn more:
- Call 020 3870 4868
- Speak to the live chat team on our website
- Fill in our online claim form
Related Data Breach Guides
- Joint bank account data breach claims
- Counsellor data breach claims
- Probation officer data breach claims
Thank you for reading our guide on making a claim for sharing personal information without consent in the UK.
Article by NA
Publisher AA
