Q&As

Is it a breach of confidentiality and/or a personal data breach (under the UK GDPR) if documents that have been disclosed to the other side (ie bank statements) during the disclosure process are then shown to a third party by the other side?

Published on LexisPSL on 02/03/2021

The following Information Law Q&A provides comprehensive and up-to-date legal information covering:

  • Is it a breach of confidentiality and/or a personal data breach (under the UK GDPR) if documents that have been disclosed to the other side (ie bank statements) during the disclosure process are then shown to a third party by the other side?
  • Position under the UK GDPR
  • Personal data breach
  • General compliance with the UK GDPR
  • Breach of confidence
  • CPR 31.22—collateral purpose rule
  • Protecting confidentiality during litigation

Is it a breach of confidentiality and/or a personal data breach (under the UK GDPR) if documents that have been disclosed to the other side (ie bank statements) during the disclosure process are then shown to a third party by the other side?

We have assumed that:

  1. relevant documents disclosed include personal data as defined by the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime and the disclosure was subject to the UK GDPR regime

  2. the question, in so far as it relates to data protection, is in relation to the UK GDPR only

  3. the personal data does not include special categories of personal data (as defined in the UK GDPR, Retained Regulation (EU) 2016/679, Art 9)

Position under the UK GDPR

The UK GDPR regime governs the 'processing' of 'personal data' that is otherwise within material and territorial scope of the UK GDPR regime. For an introduction to the UK GDPR, including its scope, see Practice Note: The UK General Data Protection Regulation (UK GDPR). For the purposes of this reply we have assumed the UK GDPR regime applied but that should be confirmed in the circumstances.

Personal data breach

A 'personal data breach' is defined under UK GDPR, Retained Regulation (EU) 2016/679, Art 4(12) as '…a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or
