Clarkslegal LLP - Solicitors in Reading and London

Legal Updates

Dixons Carphone admits major data breach

14 June 2018 #Employment

Dixons Carphone’s review of data and its systems disclosed massive unauthorised access to 5.9 million customer cards and 1.2 million personal records. The incident gathers attention after both GDPR and Data Protection Act 2018 (‘DPA 2018’) came into force on 25 May 2018.

Hacking began July last year and gave access to some 105,000 non-EU payments cards without chip and pin protection. Fortunately for Dixons Carphone, the breach occurred before the GDPR came into force and so it faces a maximum fine of £500,000 under old legislation.

New data provisions under the GDPR impose tougher penalties on organisations for failures to protect their customers personal data, including a fine of up to €20M (£17.6) or 4% of the organisation’s global turnover. The provisions are incorporated into DPA 2018 to ensure national application when the UK exits the EU.

In view of these changes, National Cyber Security Centre has recently stated it is no longer the case where firms can just shut the door to cyber-attacks. Rather they should lock the doors and check them later. Employers and organisations should now take greater steps towards the security of their customers personal information.

Pavles Theodoulou

Clarkslegal, specialist Employment lawyers in London, Reading and throughout the Thames Valley.
For further information about this or any other Employment matter please contact Clarkslegal's employment team by email at by telephone 020 7539 8000 (London office), 0118 958 5321 (Reading office) or by completing the form on this page.
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Read more articles


Employment team
+44 (0)118 958 5321