{"id":186371,"date":"2024-02-21T14:12:54","date_gmt":"2024-02-21T14:12:54","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=186371"},"modified":"2024-05-29T06:25:19","modified_gmt":"2024-05-29T05:25:19","slug":"supplier-breaches-data-protection","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/","title":{"rendered":"Options When an Online Business Supplier Breaches Data Protection Rules in the UK"},"content":{"rendered":"\n<p>Online businesses like you have to comply with many different rules when carrying out the day-to-day work of your eCommerce brand. One of these is data protection rules if you store and process personal data. However, there may be situations where you, as an eCommerce business and data controller, pass personal information to another online business as the supplier or processor of that personal data.&nbsp;<\/p>\n\n\n\n<p>For example, your online business may have customers&#8217; personal details to deliver their goods. However, you may use another online business to deliver their goods for you. In that case, you will pass them the personal data. This article will explain what you can do if your online business supplier breaches <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/three-reasons-why-data-protection-is-important-in-the-workplace\/\">data protection rules<\/a>. It is essential to understand this, as data protection breaches can result in penalties such as hefty fines.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are Data Protection Rules?<\/h2>\n\n\n\n<p>As an online business, you may come across personal data. For example, your online customers may give you personal details such as their date of birth for you to allow them to sign up for your online rewards scheme. If so, your eCommerce business must comply with the <a href=\"https:\/\/www.legislation.gov.uk\/ukpga\/2018\/12\/contents\/enacted\">Data Protection Act 2018<\/a>, which is how the UK implemented the <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/documents-gdpr-compliance\/\">General Data Protection Regulation (GDPR)<\/a>.<\/p>\n\n\n\n<p>The Data Protection Act 2018 requires your online business to follow \u2018<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-principles\/\">data protection principles<\/a>\u2019. These include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>using data lawfully, fairly and transparently;<\/li>\n\n\n\n<li>ensuring that the data you use is for the exact purposes you specify;<\/li>\n\n\n\n<li>using data only as necessary, adequate and relevant;<\/li>\n\n\n\n<li>that you keep data up to date and ensure it is accurate;<\/li>\n\n\n\n<li>that you do not hold onto data longer than needed, and<\/li>\n\n\n\n<li>that you handle data with the right level of security.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What is a Data Protection Breach for Online Businesses?<\/h2>\n\n\n\n<p>A data protection breach for an online business like you is where a breach of security means that personal data which you either:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>process;<\/li>\n\n\n\n<li>store; or&nbsp;<\/li>\n\n\n\n<li>transmit<\/li>\n<\/ul>\n\n\n\n<p>Has accidentally or unlawfully been:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>destroyed;<\/li>\n\n\n\n<li>lost;<\/li>\n\n\n\n<li>altered;<\/li>\n\n\n\n<li>disclosed without authorisation; or<\/li>\n\n\n\n<li>accessed.<\/li>\n<\/ul>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/186371#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Instagram<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/186371' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='FHXfCBbU7RZ\/ka7tYOlO4XkhNXtVDLAgF5xBXdo3NROKVytGf7E\/7J2mZD4J5SU6Lxd9X8xas5+7Ly84OM\/cE1ikYrLwnRpMy9NNY3xiiMRgO8g=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\">What Can I Do if My Online Business Supplier Breaches Data Protection Rules?<\/h2>\n\n\n\n<p>As an eCommerce business, using another online business for a service makes you the <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-mapping\/\">controller of this data<\/a>, which you pass to them as a supplier or processor. Your eCommerce business controls the data because you decide what data the other online business needs to process. The supplier or processor will follow your instructions.\u00a0<\/p>\n\n\n\n<p>You expect the processor or supplier to act responsibly with the data and ensure there is no data breach. For example, you expect the supplier to have systems in place, such as technological and organisational ones, to keep the data safe and secure. If your online business supplier commits a personal data breach, they should let you, as the controller of that data, know immediately.&nbsp;<\/p>\n\n\n\n<p>If your online business supplier or processor of personal data breaches data protection rules, you need to know what to do. Your supplier should notify you of a security breach immediately, per the data protection rules and any contract you have with them. You must ask your supplier for as much information about the data protection breach as possible.<\/p>\n\n\n\n<p>Once your eCommerce business, as the controller, has information about the data protection breach by your supplier, you must assess whether it is a \u2018serious personal data breach\u2019. If so, there is a legal requirement to let the Information Commissioner&#8217;s Office (ICO) know without unnecessary delay and at least 72 hours after your supervisor tells you about the data breach.&nbsp;<\/p>\n\n\n\n<p>If the data protection breach means there is a high risk of negatively affecting your customer&#8217;s rights and freedoms, you should tell them about it without unnecessary delay. Ultimately, you should take advice from a legal professional if your online business supplier breaches the data protection rules and affects you as an eCommerce business.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways<\/h2>\n\n\n\n<p>Data protection rules control how businesses like your eCommerce business use and process data. Failing to comply with these rules can result in a data protection breach. This can mean a penalty for your business, such as a fine. If you pass personal data to another online business, they are the data processor or supplier. Your online brand is the data controller as you choose what data to pass them and instruct them.&nbsp;<\/p>\n\n\n\n<p>For example, if they pass the names and addresses of your customers to an online business that you use to deliver the purchases. If your online business supplier or processor of personal data has a data protection breach, they must notify you as the controller immediately. You will need to assess if it is a \u2018serious personal data breach\u2019 and, if so, let the ICO know. You must also inform your customers if the breach affects their rights and freedoms.&nbsp;If you need help understanding what you can do if your online business supplier breaches data protection rules. <\/p>\n\n\n\n<p>For more information, LegalVision\u2019s experienced <a href=\"https:\/\/legalvision.co.uk\/business-lawyers-lp\/\">eCommerce lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\">membership page<\/a>.<\/p>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/186371\" \/>            <input value=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"Options When an Online Business Supplier Breaches Data Protection Rules in the UK\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Online businesses like you have to comply with many different rules when carrying out the day-to-day work of your eCommerce brand. One of these is data protection rules if you store and process personal data. However, there may be situations where you, as an eCommerce business and data controller, pass personal information to another online<a href=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\">Continue reading <span class=\"sr-only\">&#8220;Options When an Online Business Supplier Breaches Data Protection Rules in the UK&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13326,"featured_media":3166,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"186217,184727,182972,184858,1760,186152","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[34],"tags":[20,798,1341,1367],"class_list":["post-186371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ecommerce-online-business","tag-small-business","tag-data-protection-rules","tag-gdpr-compliance","tag-information-commissioners-office"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Supplier Breaches Data Protection Rules | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supplier Breaches Data Protection Rules | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-21T14:12:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-29T05:25:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1016\" \/>\n\t<meta property=\"og:image:height\" content=\"677\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Clare Farmer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Clare Farmer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\"},\"author\":{\"name\":\"Clare Farmer\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732\"},\"headline\":\"Options When an Online Business Supplier Breaches Data Protection Rules in the UK\",\"datePublished\":\"2024-02-21T14:12:54+00:00\",\"dateModified\":\"2024-05-29T05:25:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\"},\"wordCount\":877,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg\",\"keywords\":[\"small business\",\"data protection rules\",\"GDPR compliance\",\"Information Commissioner&#039;s Office\"],\"articleSection\":[\"Ecommerce and Online Business Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\",\"url\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\",\"name\":\"Supplier Breaches Data Protection Rules | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg\",\"datePublished\":\"2024-02-21T14:12:54+00:00\",\"dateModified\":\"2024-05-29T05:25:19+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732\"},\"description\":\"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg\",\"width\":1016,\"height\":677,\"caption\":\"What Actions Should Commercial Tenants Take if They Receive a Section 25 Notice? | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ecommerce and Online Business Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/ecommerce-online-business\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Options When an Online Business Supplier Breaches Data Protection Rules in the UK\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732\",\"name\":\"Clare Farmer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png\",\"caption\":\"Clare Farmer\"},\"description\":\"Clare has a postgraduate diploma in law and writes on a range of subjects and in a variety of genres. Prior to her freelance writing work, Clare worked for UK central government in policy and communication roles. She has also run her own businesses where she founded a magazine and was editor-in-chief. She is currently studying part-time towards a PhD predominantly in international public law. Qualifications: PhD, Human Rights Law (underway), University of Bedfordshire, Post graduate diploma, Law, Middlesex University.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ms-clare-susannah-f-4a243545\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/clarefarmer\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Supplier Breaches Data Protection Rules | LegalVision UK","description":"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/","og_locale":"en_GB","og_type":"article","og_title":"Supplier Breaches Data Protection Rules | LegalVision UK","og_description":"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.","og_url":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2024-02-21T14:12:54+00:00","article_modified_time":"2024-05-29T05:25:19+00:00","og_image":[{"width":1016,"height":677,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg","type":"image\/jpeg"}],"author":"Clare Farmer","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Clare Farmer","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/"},"author":{"name":"Clare Farmer","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732"},"headline":"Options When an Online Business Supplier Breaches Data Protection Rules in the UK","datePublished":"2024-02-21T14:12:54+00:00","dateModified":"2024-05-29T05:25:19+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/"},"wordCount":877,"image":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg","keywords":["small business","data protection rules","GDPR compliance","Information Commissioner&#039;s Office"],"articleSection":["Ecommerce and Online Business Articles"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/","url":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/","name":"Supplier Breaches Data Protection Rules | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg","datePublished":"2024-02-21T14:12:54+00:00","dateModified":"2024-05-29T05:25:19+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732"},"description":"This article will explain the options available to your business if an online business supplier breaches data protection rules in the UK.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121813\/business-image-0522107.jpg","width":1016,"height":677,"caption":"What Actions Should Commercial Tenants Take if They Receive a Section 25 Notice? | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/ecommerce-online-business\/supplier-breaches-data-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Ecommerce and Online Business Articles","item":"https:\/\/legalvision.co.uk\/category\/ecommerce-online-business\/"},{"@type":"ListItem","position":3,"name":"Options When an Online Business Supplier Breaches Data Protection Rules in the UK"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46fdb392af527f38f90649480343e732","name":"Clare Farmer","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png","caption":"Clare Farmer"},"description":"Clare has a postgraduate diploma in law and writes on a range of subjects and in a variety of genres. Prior to her freelance writing work, Clare worked for UK central government in policy and communication roles. She has also run her own businesses where she founded a magazine and was editor-in-chief. She is currently studying part-time towards a PhD predominantly in international public law. Qualifications: PhD, Human Rights Law (underway), University of Bedfordshire, Post graduate diploma, Law, Middlesex University.","sameAs":["https:\/\/www.linkedin.com\/in\/ms-clare-susannah-f-4a243545\/"],"url":"https:\/\/legalvision.co.uk\/author\/clarefarmer\/"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/186371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13326"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=186371"}],"version-history":[{"count":6,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/186371\/revisions"}],"predecessor-version":[{"id":188513,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/186371\/revisions\/188513"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/3166"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=186371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=186371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=186371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}