This guide will explore frequently asked questions regarding data breaches and will help you discover if you’re eligible for compensation. We will explore personal data breaches, what you could claim for, and what time limits could affect the claiming process.
The UK General Data Protection Regulation (UK GDPR) runs in line with the Data Protection Act 2018 (DPA) to protect the personal data of UK residents. An organisation failing to comply with data protection legislation could lead to a personal data breach. If you suffer harm as a result of this breach, you may be able to claim compensation.
To find out if your personal data breach claim is valid, you can contact our team of advisors today. They are available 24/7 to provide free legal advice and help surrounding your claim. If your claim is valid, our advisors may put you in contact with a solicitor from our expert panel.
To get in touch:
- Call us on 0800 408 7825
- Use the live chat feature
- Contact us online
Select A Section
- What Is A Personal Data Breach?
- Who Could Use My Personal Data?
- How Could My Personal Data Be Misused?
- When Can Companies Use My Personal Data Without Permission?
- Is There A Personal Data Breach Claims Time Limit?
- How Much Could You Get For Personal Data Breach Claims?
What Is A Personal Data Breach?
Under the UK GDPR, personal data breaches are security incidents caused by the accidental or unlawful destruction, unauthorised disclosure of, loss, alteration, or access to your personal data. Personal data is information that could identify you. For example, this could be your full name, phone number, or email address. It could also include your credit or debit card details.
You must suffer harm in order to claim for a personal data breach, and you must be able to prove that the breach was a result of the organisation’s failings. For example, they may fail to comply with data protection legislation, or the breach was caused through wrongful conduct.
To find out if your claim is valid, contact our advisors today.
Who Could Use My Personal Data?
Many different organisations will process your data. Organisations that say how and why your data will be collected and used are known as data controllers. Data controllers consist of but are not limited to:
- Banks
- Healthcare providers, such as pharmacies, dental services and opticians
- Social media platforms
- Your employer
- Local council and government agencies
All organisations must have a lawful basis for collecting your personal information. Some organisations will have a lawful basis to process your data without your consent.
Our team can provide more answers to any questions you may have.
How Could My Personal Data Be Misused?
There are many ways that your personal data could be exposed, from human error to cybercrime. Ransomware and phishing scams are two examples of how cybercriminals can gain access to your personal data.
Human error is also a common cause of data breaches. For example, if physical documents are stolen from a filing cabinet that is not locked or if your personal data is sent to the wrong person.
When Can Companies Use My Personal Data Without Permission?
There are six lawful bases for processing personal data, and permission (or consent) is only one of these. The Information Commissioner’s Office (ICO) provides more information on the six lawful bases, which include:
- Consent
- Contract
- Legal obligation
- Vital interests
- Legitimate interests
- Public task
Contact our advisors to learn more about the lawful bases and how they could affect your claim.
Is There A Personal Data Breach Claims Time Limit?
Generally, there is a six-year time limit for starting data breach claims. However, this falls to one year if your claim is against a public body. Speak to our advisors to learn how time limits could affect your claim.
How Much Could You Get For Personal Data Breach Claims?
There are two potential heads of claim you could pursue in a personal data breach claim.
- Material damage: Financial losses due to a breach. For example, money fraudulently transferred from your account or damage to your credit score.
- Non-material damage: A psychological impact following a breach. For example, anxiety, PTSD and depression.
Following on from the Vidal-Hall and Others v Google Inc (2015) case, you do not need to claim material damage to claim compensation for non-material damage.
The Judicial College Guidelines (JCG) provide guideline compensation brackets for non-material damage claims, some examples of which you can find below.
| Psychological Injury | Compensation Guidelines |
|---|---|
| Severe Psychiatric Damage | £54,830 – £115,730 |
| Moderately Severe Psychiatric Damage | £19,070 – £54,830 |
| Moderate Psychiatric Damage | £5,860 – £19,070 |
| Less Severe Psychiatric Damage | £1,540 – £5,860 |
| Severe Post-Traumatic Stress Disorder (PTSD) | £59,860 – £100,670 |
| Moderately Severe Post-Traumatic Stress Disorder (PTSD) | £23,150 – £59,860 |
| Moderate Post-Traumatic Stress Disorder (PTSD) | £8,180 – £23,150 |
| Less Severe Post-Traumatic Stress Disorder (PTSD) | £3,950 – £8,180 |
Please be advised that the JCG is only to be used as a guideline. Contact us today for a more in-depth estimate of what your potential settlement could amount to.
Start Reading Our Guides To Personal Data Breach Claims
Contact our team today to learn more about claiming for personal data breaches and how a solicitor from our panel could help you. To get in touch:
- Call us on 0800 408 7825
- Use the live chat feature
- Contact us online
For more helpful resources:
Or, for more helpful guides:
- How To Claim Compensation For A Data Breach
- If you’ve suffered damage to your mental health or finances after a Liverpool hospital data breach, this guide offers lots of useful information.
- How Long Do You Have To Report A Data Breach And Start A Claim?
- Check Your Data Breach Claim Value
For more questions on personal data breach claims, contact our team.