Why victims of cyberattacks involving human error are entitled to compensation

09/06/2025 | The Scotsman

An article in The Scotsman considers how human error plays a significant role in most personal data breaches. Although organisations like Marks & Spencer and Adidas have been victims of sophisticated cyberattacks, these incidents often succeed only because of tactics such as social engineering. While these data breaches may not be deliberate on the controller's part, this doesn't absolve them of their data protection responsibilities.

The article highlights how non-compliance with data security obligations can lead to regulatory action. In addition, individuals who may have suffered harm due to infringements of the UK General Data Protection Regulation (GDPR) are entitled to compensation that reflects their actual distress or financial loss. To avoid liability, an organisation must prove it bore no responsibility for the event causing the harm. The author argues that this becomes challenging when a cyberattack is facilitated by an organisation's or its employees' mistakes.
