By Jo Greenwood. Last Updated 3rd December 2024. The UK’s data protection laws give protection to your personal information when it is held or in use by an organisation. Your phone number is part of your personal information.
If an organisation fails to protect your personal information, you could hold them liable for any harm you suffer as a result. Revealing your phone number without a lawful basis to do so, can be a breach of the UK GDPR, and this guide will show you how you could be eligible to make a claim for compensation.
We will talk about data breaches, the UK GDPR, and the protection it gives to your personal data and give you information about compensation and how it is calculated in data breach claims. Our guide discusses the role of a data controller and a data processor and the steps they should take to protect your personal data. We will also explain how you can get in touch with our No Win No Fee solicitors to help you make your claim.
For any information you might need, or questions you want answering about making a data breach compensation claim, you can also speak with one of our advisers. They offer free initial consultations and can even help value your claim and assess if the organisation could be liable. You can reach out to one now by;
- Calling them on 0800 073 8804
- Using our contact us page
- Using the live chat feature
Select A Section
- Is My Phone Number Covered Under UK GDPR?
- What Personal Data Is Not Covered By The UK GDPR?
- Is Revealing My Phone Number A Breach Of UK GDPR?
- What Can I Do If My Phone Number Has Been Revealed?
- How Much Could You Claim For A UK GDPR Breach Of Data?
- Make A No Win No Fee Data Breach Claim
Is My Phone Number Covered Under UK GDPR?
Personal information can broadly be categorised into two categories:
- Information that identifies you: such as your name, address, or date of birth
- Information that relates to you: such as ethnic background, religious affiliation or sexual orientation.
When an organisation records, stores or uses any piece of information about or relating to a person, the information is considered personal data.
The organisation is now considered a data controller and immediately becomes subject to the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA). This is because there are rules for how personal data can be used, revealed or shared.
Data controllers have a responsibility to make sure any personal information they have about you is securely stored, kept confidential and only used appropriately. Data controllers can also be data processors, who are responsible for processing personal data.
Your phone number is your personal information, and if you suffered harm because:
- An organisation revealed your phone number without a valid and lawful reason
- An organisation failed to properly secure your phone number, leading to it being exposed.
You could be eligible to make a claim for compensation for the financial or mental harm that you suffered. If this happened to you, please speak with one of our advisers for information about making a data breach claim.
Is Sharing Someone’s Phone Number Illegal In The UK?
So, is sharing someone’s phone number illegal in the UK?
In short, if an organisation has no lawful basis to share your phone number, they shouldn’t do so. Doing so could be illegal and may see them subject to fines and investigations by the Information Commissioner’s Office. It could also lead to the affected individuals making a data breach claim.
What Personal Data Is Not Covered By The UK GDPR?
The UK GDPR gives protection to personal data and personally sensitive data that relates to a person.
This applies to:
- Data that a person can be directly identified from
- Data that a person can be identified from, when in use with other pieces of information
Personal data that is protected may fit into two categories such as personal information and special category data.
As we have discussed personal data is anything relating to you, the data subject, that can be used to identify you or use in conjunction with other information to identify you. Special category data relates to your health, ethnic origin or your race.
Your phone number directly relates to you and is information you can be directly identified from. It is protected by the UK GDPR and revealing your phone number can be a breach of the UK GDPR.
Is Revealing My Phone Number A Breach Of UK GDPR?
There are instances where revealing your phone number will not be a breach of the UK GDPR. This is because the organisation will have a valid and lawful reason for doing so. The UK GDPR sets out the six lawful bases for sharing information which are:
- Consent: In that you have given them consent to share your phone number
- Contractual Obligation: In that they revealed your number to fulfil a contract they had with you
- Legal Obligations: If they revealed your number to meet a legal obligation
- Vital Interest: If revealing your number was necessary to protect a life
- Public Interest: If it was in the public’s interest to reveal your phone number
- Legitimate Interest: The company has a legitimate and valid reason to share your phone number.
Instances outside of this, or instances that do not properly fulfil the listed basis are instances where revealing your phone number can be a breach of the UK GDPR.
What Can I Do If My Phone Number Has Been Revealed?
The first action you can take after a data breach is to make a written complaint directly to the organisation responsible. It should be written so as to maintain evidence of both sides of the correspondence
Before beginning any legal action, you can also report the organisation to the Information Commissioner’s Office; an independent body in the UK dealing with data protection rights. You should do this within three months of your last meaningful communication with the organisation.
Data breach claims address two types of harm, financial harm (I.e. financial losses) and mental harm (psychological harm, such as stress or anxiety from the breach).
If possible, maintain records of your financial losses and medical records as they can be used as evidence in your claim.
A solicitor can help arrange an independent psychological assessment to produce a report as medical evidence.
If an organisation breached the UK GDPR in revealing your phone number, and this led to you suffering harm please reach out to an adviser for information.
Phone Number Data Breach – How Long Do I Have To Claim?
If you meet the eligibility criteria to make a claim for a phone number data breach, you must also ensure that you start legal proceedings within the relevant time limit. Generally, you will have six years to make a personal data breach claim.
To see if you could be eligible to make a personal data breach claim if your personal phone numbers were compromised in a breach, you can contact our advisors. They may also connect you with one of our solicitors if you have a strong case.
How Much Could You Claim For A UK GDPR Breach Of Data?
If you are wondering “Is revealing my phone number a breach of UK GDPR, and if so, what can I be compensated for?”, we can tell you how data breach compensation may be calculated.
If you have a successful phone number data breach claim, you could be compensated for material damage, non-material damage, or both.
Non-material damage refers to the psychological harm you have suffered due to having your phone number breached. This includes Post-Traumatic Stress Disorder (PTSD), anxiety, depression, and stress.
Legal professionals can use the Judicial College Guidelines (JCG) to help them value your psychological harm. The JCG publishes guideline compensation brackets for different types of psychological and physical harm,
Guideline Compensation Table
The table below shows figures from the JCG for different types of psychological harm.
Please note that these figures are not guaranteed because all data breach claims are different. The first entry has also not been taken from the JCG.
| Injury | Severity | Award |
|---|---|---|
| Severe Psychological Damage Plus Financial Losses | Serious | Up to £250,000+ |
| Psychiatric Damage | Severe (a) | £66,920 to £141,240 |
| Moderately Severe (b) | £23,270 to £66,920 | |
| Moderate (c) | £7,150 to £23,270 | |
| Less Severe (d) | £1,880 to £7,150 | |
| Post-Traumatic Stress Disorder | Severe (a) | £73,050 to £122,850 |
| Moderately Severe (b) | £28,250 to £73,050 | |
| Moderate (c) | £9,980 to £28,250 | |
| Less Severe (d) | £4,820 to £9,980 |
Material Damage
Material damage refers to the financial losses you have suffered due to having your phone number breached. This may include:
- Loss of earnings if you have taken time off work due to your psychological harm.
- The cost of therapy due to your psychological harm.
- Relocation costs (if you had to move address following a data breach due to fear of your safety).
You must provide evidence of the financial losses you have suffered to have your material damage compensated. Such evidence can be in the form of bank statements, payslips, invoices, and receipts.
So, if you are wondering “Is sharing someone’s phone number illegal in the UK, and can I claim compensation for a phone number data breach?”, please contact us for a free case evaluation.
Make A No Win No Fee Data Breach Claim
Now that you know more about making a personal data breach compensation claim, you might be wondering how a solicitor could help.
Our solicitors work on a No Win No Fee basis; this means that, with the help of a Conditional Fee Agreement (a type of No Win No Fee agreement), your solicitor will generally start work on your claim without asking for an upfront payment for their services. Similarly, they won’t ask you to pay for their work as your data breach compensation claim is ongoing. If your personal data breach claim fails, you won’t need to pay for your solicitor’s services.
If your data breach compensation claim succeeds, then your solicitor will take a success fee. This is deducted from your compensation directly and is taken as a small, legally capped percentage. This legal cap helps to make sure that you keep the larger share of what you receive.
Contact Our Team
If you’d like to seek compensation for a personal data breach caused by a breach of the UK GDPR, contact our team. Our advisors can offer more information surrounding the claims process and could potentially connect you with one of our expert No Win No Fee solicitors. Get in touch today by:
- Calling us on 0800 073 8804
- Using our contact us page.
- Using the live chat feature.
Further Helpful Information
Below are some additional links you might find useful such as:
- ICO: A guide to taking your case to court and claiming compensation
- GOV: A guide to your data protection rights
- Action Fraud: A guide to mobile phone fraud scams you should watch out for, if your phone number has been exposed.
Thank you for reading our guide to making a claim against an organisation for a breach of the UK GDPR in revealing your phone number. We offer guides on other topics such as:
- Suing A Company For A Data Breach
- Stolen Phone Data Breach Claims
- Credit Card Data Breach Claims
- A guide to school data breach claims. Learn how to make a claim on behalf of your child if their data was exposed
- To learn more about the recent PSNI data breach and compensation claims associated with it, head here. You can find out what happened, who’s at fault, what to do and potential compensation payouts.
Guide By Charles
Edited By Melissa.
