Advice On Whether Sharing An Email Address Is A Breach Of GDPR

By Cat Way. Last Updated 12th February 2025. Is an email address personal data? You might be wondering if you could make a personal data breach claim if your email address has been exposed or compromised in a breach. The personal data of all UK residents is protected under the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR).

In this guide, we’ll explore how this legislation protects your email address and other personal data. We’ll also explore the criteria that your case must meet in order to form the basis of a valid personal data breach claim.

A personal data breach can cause significant harm to both your mental health and your finances. Our guide will discuss how you could pursue compensation for harm to both these areas and how this compensation is calculated by professionals.

Finally, we will explore how working with a solicitor could benefit your claim. Our solicitors work on a No Win No Fee basis, and are on hand to help. To learn more about the UK GDPR and email addresses, read on. Alternatively, you can contact our team of advisors to get started.

Select a Section

  1. Is Sharing An Email Address A Breach Of GDPR?
  2. Data Breach Claim Eligibility
  3. In What Circumstances Can Your Email Address Be Shared?
  4. Data Protection Breach Examples In The UK
  5. Examples Of Evidence To Support Your Personal Data Breach Claim
  6. What Compensation Can I Receive For An Email Data Breach
  7. How Could No Win No Fee Solicitors Help You?
  8. More Help On Is Sharing An Email Address A Breach Of GDPR?

Is Sharing An Email Address A Breach Of GDPR?

You may find yourself asking, ‘Is sharing an email address a breach of GDPR?’. Organisations must follow data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). These aim to prevent people from suffering harm due to data misuse.

The Information Commissioner’s Office (ICO) is responsible for ensuring that data protection laws are followed. The ICO defines personal data as information that could be used to identify you, including your email address. Therefore, your email address should be protected in accordance with the law. 

The DPA and UK GDPR outline data protection principles. These state that personal data must be:

  • Used with accountability
  • Kept up-to-date and accurate
  • Stored for the correct amount of time
  • Used minimally and with purpose
  • Handled in a confidential manner

When an organisation does not control or process your data in accordance with these principles, it has failed to follow the law. For example, you may be able to claim against an organisation for sharing your email address without your permission.

Keep reading to find out more about the eligibility criteria. Alternatively, you may find it more helpful to call one of our advisors, who can explain anything you are unsure about.

Data Breach Claim Eligibility

In order to make an eligible claim for data breach compensation, you will need to meet the following eligibility criteria:

  1. The data breach was caused by the organisation’s failings.
  2. The breach compromised your personal data.
  3. You suffered financial losses or mental harm due to the personal data breach.

Any organisation that processes your personal data must adhere to the rules and regulations found in the UK GDPR and the DPA 2018, as together, these form data protection laws. If they fail to comply with data protection laws, this could result in your personal data being breached. It is a breach of the UK GDPR for email addresses to be shared without a lawful basis for doing so. You must have also suffered either psychological injuries or financial harm as a result of the email sharing.

To see whether you may have a valid claim, you can contact our advisors. They may also be able to connect you with one of our solicitors who could assist you with your case.

In What Circumstances Can Your Email Address Be Shared?

Sometimes, if you sign up for products and services, enter competitions or request information from an organisation, you could give out some of your personal data to do so. If you did so before 2018, when the UK GDPR was implemented and the Data Protection Act 2018 was updated alongside it, your personal data may not have been as well protected.

Now, under the UK GDPR, giving out email addresses could be considered unlawful in some instances. However, in other instances, it may not be a breach of GDPR. In addition, under GDPR, sending personal data by email could be considered a data breach. So too could an email data leak or personal information being sent to the wrong email address, and this could have a number of unwanted consequences.

Organisations can lawfully share your personal information if:

  • You consent to it; or
  • They need to do so to fulfil a contract with you; or
  • They need to do so to comply with the law; or
  • Your life or someone else’s life is in danger and it’s, therefore, necessary; or
  • They’re using it to fulfil a task that’s in the public interest; or
  • They have legitimate business interests

Data Protection Breach Examples In The UK

Now we’ve answered the question ‘Is sharing an email address a breach of GDPR?’, this section examines a few examples of how your email address could be exposed in a personal data breach and cause you to suffer harm.

Examples can include:

  • A failure to use blind carbon copy (BCC) when sending workplace documents.
  • Inadequate staff training meant hard copies of client mailing lists were not properly secured and subsequently lost.
  • Administrative errors resulted in your contact information being sent to the wrong address.

There are many other circumstances in which our specialist data breach solicitors could help you to seek compensation. Reach out to our advisory team today for a free eligibility assessment. If your potential claim is deemed valid, then you could be connected with a highly experienced solicitor. The team are available 24 hours a day via the contact information given below.

Examples Of Evidence To Support Your Personal Data Breach Claim

Gathering evidence after an email data breach that compromised your personal information can be extremely beneficial to your claim. Evidence can help showcase how you were harmed, how the breach occurred, and who was responsible for the UK GDPR breach. Examples of evidence that you could collect to strengthen your claim can include:

  • Correspondence with the party at fault: You may receive a letter or email of notification if your data was compromised in a data breach. Following this, you could ask the organisation to specify what personal data was compromised.
  • Medical records: Your medical records or any other medical documents that illustrate how the breach has affected your mental well-being could be used to support your claim.
  • Correspondence with the ICO: Complaints made to the ICO or the findings of an official ICO investigation could both be used as evidence in your claim.

These are only a few examples of the kinds of evidence that could be used to support a personal data breach claim. Contact our team today to find out how one of our solicitors could help you strengthen your claim.

What Compensation Can I Receive For An Email Data Breach

If you’ve suffered a personal or work email address data breach that has affected your personal data, you may want to know more about your data rights and the potential compensation you could receive.

A UK GDPR email breach that results from an organisation’s failings, affects your personal data and causes you financial damage or psychological harm could result in you receiving compensation.

Non-material damages relate to the psychological trauma you may have experienced from your personal data being breached. Psychological injuries you may be able to claim for include anxiety, depression, distress and post-traumatic stress disorder.

Below is a list of compensation brackets from the Judicial College Guidelines based on past cases. These figures are taken from the latest guidelines, published in April 2024.

It’s important to remember that these figures are guidelines only. Every claim is unique, so you are likely to receive a different amount from the ones listed below.

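| Type of Harm | Notes | Amount |
|---|---|---|
| Multiple injuries and financial losses | Severe | Up to £500,000+ |
| Psychological Harm | Severe | £66,920 to £141,240 |
| Psychological Harm | Moderately Severe | £23,270 to £66,920 |
| Psychological Harm | Moderate | £7,150 to £23,270 |
| Psychological Harm | Less Severe | £1,880 to £7,150 |
| PTSD | Severe | £73,050 to £122,850 |
| PTSD | Moderately Severe | £28,250 to £73,050 |
| PTSD | Moderate | £9,980 to £28,250 |
| PTSD | Less Severe | £4,820 to £9,980 |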

What Else Can I Claim For After A GDPR Email Breach?

Material damage relates to the financial losses you’ve suffered as a result of the UK GDPR email breach of your personal data. Potential financial losses you could incur from such a data breach include:

  • Healthcare costs – For instance, you may require medication to treat stress caused by the breach.
  • Travel costs – If, for instance, you’ve had to drive to the hospital for health appointments related to this, you may be able to claim for the expenses caused, such as the cost of petrol.
  • Loss of earnings – You could lose money because you’re unable to work as a result of stress caused by the breach. If this is long-term or permanent, you may also be able to claim for future loss of earnings.

However, this is not an exhaustive list of the losses you could claim for. You could potentially claim for other financial loss relating to the data breach. However, you would need financial evidence highlighting these losses such as receipts, invoices and bank statements. To learn more about claiming for a GDPR email breach, please contact us for free legal advice using the details above.

How Could No Win No Fee Solicitors Help You?

If you have a valid claim for email data breach compensation, you could claim with one of our No Win No Fee lawyers.

No Win No Fee means you would not pay legal fees to your lawyer until your claim ends, and compensation comes through. A No Win No Fee solicitor would need to have you sign a Conditional Fee Agreement prior to taking your claim. (This is a formal term for No Win No Fee agreement.)

This would denote the percentage of the success fee you’d pay from your settlement to your lawyer at the end of your claim. You’d only pay this if the claim is successful. Additionally, the fee is capped by law.

If your solicitor doesn’t achieve compensation, you wouldn’t need to pay them any solicitor fees at all.

Contact Our Team

Here at Legal Expert, we would be happy to assist you if you want to have a free claims assessment or you’re ready to begin a No Win No Fee claim. Our service comes highly recommended, as you can see from our reviews. All you need to do to get started is:

More Help On Is Sharing An Email Address A Breach Of GDPR?

The ICO Guide To Sharing Personal Data By Email – As well as learning the answer to ‘is sharing an email address a breach of GDPR?’, you can find out what the ICO says about sending personal data by email here.

What Are Personal Data Breaches? – More information about what constitutes a data breach can be found here.

Raising Concerns With The ICO – You can learn how to raise concerns with the ICO here.

Fax Data Breaches – Find out if you could claim for a fax data breach here.

The Blackbaud Data Breach – You can find out about the Blackbaud data breach here.

Failure To BCC Claims – Find whether a failure to use the BCC field could lead to a claim here.

Other Useful Compensation Guides

We hope this guide, which has answered popular questions such as ‘Is an email address personal data?’ and ‘Is sharing an email address a breach of GDPR?’, has proven to be useful. If you would like to speak to an advisor about any queries you have, then please don’t hesitate to get in touch. You can contact Legal Expert on the phone or online by using the contact details included in this guide.

Meet The Team

  • Patrick Mallon legal expert author

    Patrick is a Grade A solicitor, having qualified in 2005. He's an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.
