Data Protection and Data Leaks

Information Pack for Afghans on the ARAP and ACRS schemes

What Is Data Protection?

Data protection refers to the practices and rules that ensure personal information is used fairly, lawfully, and securely. In the UK, data protection is governed by the UK GDPR and the Data Protection Act 2018.

Personal data includes:

• Name, address, email

• Identification numbers

• Medical records

• Financial details

• Photographs or videos

• IP addresses or location data

What Is a Data Leak or Breach?

A data leak or data breach happens when personal or sensitive information is exposed or accessed without authorisation.

Common examples:

• Lost or stolen devices (laptops, phones)

• Sending an email to the wrong recipient

• Hacking or cyberattacks

• Unauthorised sharing or posting of information

• Insecure cloud or USB storage

Consequences may include:

• Identity theft or fraud

• Emotional distress or reputational damage

• Legal or financial penalties for organisations

• Loss of trust

• Security risk

Your Rights Under UK Data Protection Law

Individuals have the right to:

• Be informed how their data is used

• Access their own data

• Correct inaccurate data

• Request deletion (right to be forgotten)

• Object to how data is used in some cases

• Be notified of data breaches involving their personal data

Organisations must:

• Keep data secure

• Use it fairly and transparently

• Only collect data that is necessary

• Store data accurately and no longer than needed

Points to Consider for Protecting Data

For Individuals:

• Use strong, unique passwords

• Enable two-factor authentication

• Be cautious of phishing emails or fake links

• Don’t overshare personal information online

• Keep devices and apps updated

• Avoid using public Wi-Fi for sensitive tasks

For Organisations & Community Groups:

• Train staff on data protection awareness

• Use encrypted storage and communication tools

• Keep records of how and why personal data is used

• Report breaches to the ICO within 72 hours

• Have a Data Protection Policy in place

• Regularly back up data securely

What to Do If There’s a Data Leak

1. Identify what data was involved

2. Contain the breach (e.g., change passwords, revoke access)

3. Notify those affected if there’s risk of harm

4. Report to the Information Commissioner's Office (ICO) if required

5. Review procedures and update security measures

Useful Contacts & Resources

• ICO (Information Commissioner’s Office) – for complaints or reporting a breach

Website: https://ico.org.uk

Phone: 0303 123 1113

• National Cyber Security Centre – for online safety guidance

Website: https://www.ncsc.gov.uk

USPUK Afghan team is ready to assist you.

For further information, feel free to reach out to us on WhatsApp at +447360861633 or via email at afghanistan@uspuk.org.

*Information last undated on 06.08.2025

**The content in this pack is for informational purposes only. It is not professional advice. Seek guidance from relevant experts or authorities for specific concerns or decisions.