Skip to Main Content
Lawyers in Edinburgh
Solicitors in Edinburgh
Family Solicitors/Lawyers in Edinburgh

Latest news and insights

Land Reform (Scotland) Bill introduced March 2024

An overview of the content in Part 1 & 2 of the Land Reform (Scotland) Bill introduced to Parliament on 13 March 2024.

Gillespie Macandrew announced as Great Glen 2024 sponsor

Gillespie Macandrew is delighted to announce its sponsorship of the RSABI Great Glen Challenge 2024.

Employment Law Changes – What should you look out for in April 2024?

Employment Law Changes – What should you look out for in April 2024?

Charity Data Breaches

Published: 10 November 2021
Time to read: 3 mins

Charities are reminded of the importance of keeping personal data secure after the Information Commissioner’s Office (ICO) imposed fines recently on two UK charities for breaches of data protection rules in the UK.

In July 2021, the ICO (as regulator of data protection in the UK) imposed a fine of £25,000 on the transgender charity Mermaids for failing to keep personal data secure.  In 2019 the charity became aware of a data breach and reported the breach to the ICO.  However, the breach itself had started in 2016 when an internal email group set up and used by the charity, resulted in emails being available to search online.  The emails contained personal data (names and email addresses) and sensitive personal data (details of mental and physical health, and sexual orientation).

In October 2021, the ICO then imposed a fine of £10,000 on HIV Scotland as a result of their bulk email practices which resulted in a breach of data protection laws when email addresses were shown to all recipients (including 65 emails where the individuals were identified by name).  Given the personal data involved, it was possible to assume certain things about an individual’s HIV status or risk which meant special category data was made available.  Following its investigation, the ICO found the charity had insufficient staff training in place, improper email practices and an inadequate data protection policy in place.

In both cases, the charities had been dealing with information that could cause substantial damage and distress, as well as potential prejudice or abuse, if the information had gotten into the wrong hands.  It is unsurprising that the ICO has imposed fines for the breaches and it highlights the need for charities to take data protection seriously.  Aside from a breach in data protection rules, there is the potential for reputational damage and distrust, which could have a lasting effect on a charity and its revenue.


As with all things data protection- related, it is crucial that charities keep good records of decisions made to demonstrate compliance so that if the ICO comes asking questions a few years later, they can show that they considered data protection and explain the reason they took a particular action.

It is equally important to keep data (and its security) under review, updating policies and procedures at appropriate intervals and deleting personal data no longer needed.  Remember that what is appropriate in terms of security will depend on the type of data, the likely harm a breach might cause, and the effect on individuals involved.

Finally, organisations should ensure they have appropriate technical and organisational measures in place to keep any personal data held secure.  This covers a wide range of measures from regular staff training, to controlling access to premises and documents to secure methods of storing and sending data.

If you have any questions on what measures you should have in place or more generally about data protection, please contact a member of our Corporate team.

Back to news list

Go Back


To receive regular updates like this one, you can sign up to our bulletins, and we will provide updates on the issues that matter to you.


Get in touch

Contact us to find out how we can help you.

Get in touch

Lawyers in Edinburgh
Solicitors in Edinburgh
Family Solicitors/Lawyers in Edinburgh

Find a lawyer

If you are looking for a specific member of our team, you can search for them by their name here. You can also search for your regular contact by their area of expertise using the buttons below.

Visit the ‘Our People’ page for more ways to search if you can’t find who you’re looking for.