GDPR Breach Update

UPA Logo

The UPA has been working hard to resolve the issue of a recent breach of our supporters' data. Last week the UPA received an apology from the individuals responsible for the data breach, along with a commitment to delete the data in the presence of an independent third party.

We can now confirm that this has happened and supporters' data is no longer held by individuals or other organisations. The Information Commissioner's Office is now satisfied that all reasonable steps have been taken to protect the information of individuals.

The UPA has taken additional measures to secure data in our possession and prevent breaches from occurring in future. We are reviewing and revising our systems and processes for handling data, implementing new GDPR compliant data-management software and engaging in training in data management and GDPR compliance for our core team. Data the UPA holds has been deleted for individuals who have requested this.

The UPA would like to issue a heartfelt apology to members and supporters who were affected by this data breach. We understand the serious and sensitive nature of the work we do and the information we handle and are treating this incident as an opportunity to ensure that when anyone entrusts the UPA with their personal data, they are respected and safe to do so.

Thank you for your patience with us in resolving this matter. We are looking forward to getting back to focussing on educating, campaigning and advocating with our kick-ass patient volunteers.


From the UPA Senior Leadership Team
Clark, Carly, Leila and Abby

f you would like to discuss this matter further please contact us. If you feel you may have been affected, you are able to get in touch with the Information Commissioner’s Office.