Data Breach Compensation

Data protection breach compensation claims guide

Data protection breach compensation claims guide

You may have heard about data breaches in the news and you may even have been informed that your personal data has been involved in a breach. But do you know what a data protection breach is? Furthermore, did you know that you could be compensated for any harm caused by some data breaches? Well, that’s the case and in this article, we’ll look at what suffering might be caused by a data leak. Also, we’ll explain why you might be able to claim compensation. We’ll look at the laws that have been introduced to protect you.  Finally, we’ll list some of the organisations (or data controllers) who hold information about you.

If you do wish to start a data breach claim, our team can help. They will review any claim without obligation and give you free legal advice too. Where your claim appears to have a reasonable chance of success, you could be referred to a data breach solicitor from our panel. Should they accept you as a client, they’ll represent you on a No Win No Fee basis. Importantly, that will mean no solicitor’s fees need to be paid unless you receive compensation.

We’re available on 0800 408 7825 if you’d like to begin a data protection breach claim right away. Alternatively, please read on to learn more about the claims process.

Select A Section

What Is A Data Protection Breach?

According to the UK General Data Protection Regulation (UK GDPR), personal data protection breaches are security incidents, that results in personal data being unlawfully or accidentally destroyed, changed, lost, disclosed or accessed in an unauthorised manner.

Within the UK GDPR, there are some key terms that we should define here:

  • Data controllers – an organisation that controls why and how personal data is used.
  • Data processors – an organisation or individual who act on behalf of the data controller.
  • The data subject – this is an identifiable or identified individual whose personal data has been processed.

Although it may not seem quite clear just yet how a data breach could affect you, if you think about all the personal information that may be stored about you, how you would feel if this was leaked. You could suffer financially, psychologically or both as a result of the breach.

Data protection breaches could happen in a number of different ways. Some can be deliberate while others are human error and accidental. For you to be able to pursue a data breach claim for compensation the onus is on you to prove that your data was not secure.

Importantly, the breach will need to have happened because of a wrongful act by either the processor or controller. For example, a claim might be possible if your data was stored on an unencrypted laptop that was lost.

Psychological suffering can include distress, anxiety, embarrassment and also Post-Traumatic Stress Disorder (PTSD).

Whether the data breach was caused by human error or criminal activity, you could have grounds to claim compensation. Please call today if you’d like us to check whether you have the grounds to proceed.

What Is The Data Protection Act And UK GDPR?

Let’s now look at some of the legislation that has been introduced to protect personal data.

What Is The Data Protection Act 2018?

When the UK was a part of the European Union we adopted their EU version of the GDPR and applied it into the Data Protection Act 2018 (DPA). When the United Kingdom left the EU the DPA was altered and we now refer to the UK GDPR.

The DPA provides a framework for the UK’s data protection laws alongside the UK GDPR. It replaced the Data Protection Act 1998 and was updated on 1st January 2021 because of the European Union (Withdrawal Act 2018). The Information Commissioners Office (ICO) is responsible for enforcing data protection laws. Data controllers who fail to adhere to applicable legislation and regulations can be heavily fined by the ICO.

What Is The UK GDPR?

The UK GDPR sits alongside the DPA to help protect personal information. That is any information that could be used to identify an individual directly or indirectly. As a result of the UK GDPR, data controllers and processors require a lawful basis to handle personal information. They must also abide by other data protection principles as well.

Where data protection breaches occur, the ICO can investigate organisations and force them to change the way they work. They could also hand out massive financial penalties too. However, the ICO cannot help you claim for any psychological injuries or monetary losses. For that reason, you will need to take your own legal action,

Which Types Of Companies And Public Bodies Could Keep Personal Data?

You might not realise how many organisations hold data about you that is covered by the UK GDPR. We can’t list them all, but here are a few examples:

  • Local authorities – including information about social care, rental properties and council tax.
  • Banks hold data about you and any financial products you have bought.
  • The NHS. Information relating to your medical history and prescriptions.
  • Universities and schools. Including data about your home address and exam results.
  • Online purchases – may hold information such as your name, email address, home address and banking details.
  • Employer will hold information about your salary, banking details and contact details.

As a result of the UK GDPR, all organisations that process personal data must take steps to protect it. If they don’t, and you suffer as a result, you could be compensated. That might be the case if you can show the breach happened because the data controller failed to take all necessary steps to keep your personal information safe. Please call today if you believe you have a valid data protection breach claim.

Data Protection Breach Claim Limitation Periods

Whether you’re claiming for a car accident, a fall or a data protection breach, you will need to claim within the relevant time limit. We suggest starting your claim as early as possible. That’s because while some data breach claims have a 6-year limitation period, others can have as little as 1-year.

To check how long you have to claim, please use live chat or give our advisors a call.

Can I Get Compensation For A Data Breach?

As mentioned previously, data breach compensation might be possible for suffering caused by psychological injury and/or financial losses because of a breach. You must also be able to show with evidence how those you hold responsible for allowing your personal information to be leaked are liable.

In the next section, we’ll explain what amount of compensation might be awarded for psychological suffering. Before we do, let’s look at the evidence that could support your claim:

  • By law, organisations must contact you if they become aware of a data protection breach that puts you at risk. This letter could be used as evidence.
  • Financial documents. Bank statements, receipts and benefit statements could all be used to help prove your losses.
  • Medical records and reports. Records from your GP could be used.

If your case is taken on, one of the data breach lawyers from our panel will assess your evidence. If the defendant doesn’t admit that the breach happened, you may be advised to ask the ICO to investigate. For more information on your options, please call.

How Much Compensation For A Data Protection Breach Could You Get?

In the case of Vidal-Hall and others v Google Inc [2015] at the Court of Appeal, it was ruled that compensation must be considered for any psychological harm caused by data breaches. Importantly, the court said that mental harm can be claimed for regardless of whether any money has been lost. This is a move away from previous rules.

In a separate case (Gulati & Others v MGN Limited [2015]), the court ruled that settlement amounts for these injuries should be based on the amount paid in personal injury law. Therefore, our compensation table, below, uses data from the Judicial College to show how much could be paid.

Mental HarmSettlement RangeDetails
Severe Psychiatric Injury£51,460 - £108,620Marked problems with all of the following factors: coping with life, work or education; maintaining relationships; likelihood of treatment helping; remaining vulnerable. There will be a very poor prognosis.
Moderately Severe
Psychiatric Injury
£17,900 - £51,460Significant problems (as above) but with a more optimistic prognosis.
Moderate Psychiatric Injury£5,500 - £17,900The claimant will have had many of the problems listed above but will have shown a good amount of recovery.
Severe - PTSD£56,180 - £94,470The claimant will suffered permanently from the symptoms of PTSD. They won't be able to function at pre-trauma levels and work will not be possible.
Moderately Severe PTSD£21,730 - £56,180While the symptoms will be similar to above initially, with professional help, the claimant's prognosis will be better.
Moderate PTSD£7,680 - £21,730Largely, the symptoms of PTSD will have been recovered from in this category.

Remember, the amounts listed don’t cover any financial losses you’ve sustained. If you make a successful data breach claim you could be awarded material damages that account for financial losses or expenses but also non-material damages such as mental harm. We have shown examples of non-material damages in the table above.

If you’d like a more personalised compensation estimate, please call today.

Get In Touch With A No Win No Fee Data Breach Solicitor

You may find that you want to hire a data breach solicitor to support your case. A No Win No Fee Agreement can help fund the services of a solicitor. This means if your case is lost you pay no fees to your solicitor and if it is won you pay a success fee to your solicitor out of your compensation.

If you are now ready to begin a data protection breach claim, you can contact us by:

  • Calling our specialists on 0800 408 7825.
  • Using our live chat service.
  • Completing our online form so that we can get back to you.

Related Data Protection Breach Claims Guides

In our final section, we’ve included links to some further guides and external resources that may prove useful.

ICO Enforcement Action – a database of recent fines and enforcement notices issued by the ICO.

Anxiety – NHS information on how anxiety is diagnosed and treated.

Subject Access Requests – Information on how to obtain copies of data held by companies about you.

Human Error Data Breach Claims – Advice on claiming for suffering caused by accidental data breaches.

Wrong Email Address Claims – Information on how using the wrong email address could cause a data protection breach.

Claiming For Lost Wages – This guide explains the process of recouping any lost income during a claim.

We also have some other guides you may find useful:

Thank you for reading our article on data protection breach claims.

Article by RA

Publisher EC.