Were you affected by a data protection breach? Was your personal information exposed in the breach? If so, you may be entitled to file a data breach compensation claim against the entity responsible.
There are laws in place to protect personal data. They exist to prevent personal data from being exposed. However, if failings on the part of an organisation led to a data breach that caused you harm, you might be able to claim.
Our guide provides essential reading on what to do if you suspect your data was compromised in a breach. You’ll find advice on your rights and we explain how you could contact the Information Commissioner’s Office (ICO) which is the independent authority for upholding data rights in the UK.
You will also find information on the sort of compensation you could receive if your case is successful. This could include compensation for material damage such as financial losses, and non-material damage for considerations like the emotional distress a breach caused you.
For more information relating to claiming compensation for a data breach, please click on the sections found below. However, if you are ready to file a claim for a data protection breach an adviser is here to assist you. You can reach a member of the team by:
- Calling us on 0800 408 7825
- Filling out our online form
- Speaking with an advisor using the live chat feature at the bottom-right of this screen
Select A Section
- When Could I Make A Data Protection Breach Claim?
- How Long Do I Have To Claim For A Data Protection Breach?
- The UK GDPR And Data Privacy Rights
- How Do I File A Claim?
- Data Protection Breach Compensation Calculator
- Find Out If We Could Handle Your Data Protection Breach Claim
There are a number of different reasons why an organisation might need to collect your personal data. They are legally obliged to keep the information they hold about you secure. If a data protection breach occurs because the organisation in question failed to do so, and you were harmed as a result, you could be entitled to claim.
There are laws to protect your personal data which all organisations must adhere to. The General Data Protection Regulations (GDPR) is a piece of EU legislation set up to protect the data rights of individuals. This was ratified into UK law with the Data Protection Act 2018. The DPA has been updated since the UK left the EU; it now sits alongside the UK GDPR as the regime that dictates how personal data should be protected.
A breach in data security could cause you financial harm and harm to your mental health. For example, a breach involving your credit card details could lead to money being stolen from your account. This could also cause you stress or anxiety.
If this is the case, you have the right to sue for data breach compensation if they breached data protection law. You could receive compensation for both kinds of harm independently as well as together.
Speak to a member of our team and find out whether you have grounds to sue for compensation. They will review the details of your case and if an adviser determines you have a strong case, they can connect you to a No Win No Fee lawyer from our panel.
Normally you have 6 years to file a claim for harm caused by a data protection breach. However, if the claim is filed against a public body, the deadline is much shorter. If this is the case, you only have 1 year to seek compensation for a data breach.
You should always begin a claim as early as possible because gathering evidence is an important aspect of pursuing compensation. Furthermore, seeking legal advice early means you can confirm which statutory time limit applies to your specific data breach claim.
Speak to an adviser by calling our freephone number found at the top of the page. A member of our team can let you know which time limit applies to your case.
A data breach is defined as a security incident that affects the confidentiality, integrity or availability of personal data. They can happen as a result of human error or a malicious attack, for example.
Personal data is defined as any information which can be used (either alone or when put together with other information) to identify natural persons.
There are a number of different ways your personal data could be breached. For example, someone could send your personal data to the wrong email address or the wrong postal address. Alternatively, a device containing such data that is not password protected could be lost or stolen, meaning that an unauthorised person could access it.
Under data protection, you have the right to:
- Be informed. You have the right to know about the collection and use of your personal data.
- Access. You have the right to access and receive a copy of your personal data.
- Rectification. If your personal data is incorrect, you have the right to have this corrected.
- Erasure. You have the right to have your personal data erased; this is also known as the “right to be forgotten”.
- Restrict processing. You have the right to ask that your personal data is restricted or suppressed.
- Data portability. You have the right to retain and reuse your own personal data for your own purposes.
- Object. You have the right in some circumstances to object to your personal data being processed.
You also have rights related to automated decision making, including profiling. This means you have the right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects you.
Call a member of our team to find out more information about your rights following a breach of UK GDPR. They can go over the details of your case before advising you on how best to proceed. We can let you know if you could be entitled to claim data breach compensation.
If your personal data is exposed in a way that threatens your rights and freedoms, the organisation in question should tell you without undue delay. They should also let the ICO know within 72 hours.
If you’re concerned with how your personal data is being used, you can approach the organisation directly. You can ask them whether a breach occurred and, if so, what information was affected.
The organisation responsible for exposing your data might offer you some form of compensation to apologise for the breach. You’re free to take this; however, if you do, please be aware that you cannot then go on to make a claim for compensation.
You can report a breach to the ICO, but they cannot award you compensation. However, they can fine the organisation responsible for the breach. You must contact the ICO within 3 months of the last meaningful communication you had with the organisation. If you wait any longer than this, they might not investigate the issue.
Speak to an adviser today and find out whether you have grounds to sue for data breach compensation.
You could receive two different heads of claim if your claim for a data protection breach is successful. These compensate you for material damage and non-material damage. Material damages compensate monetary losses incurred as a result, while non-material damages compensate emotional distress caused by a breach.
A judgement made in the Court of Appeal case Google v Vidal Hall gives you the right to claim non-material damages even when the breach did not involve monetary losses. Previously, you could only claim for emotional harm if the breach also caused you financial losses.
Our table provides compensation payouts which we based on the Judicial College Guidelines (JCG). This is a publication usually used to value personal injury claims, but because of a ruling in the case Gulati and Others vs. MGN it can now also be used to value emotional harm in data breach claims.
|Injury||Severity||Potential compensation payouts||Further details|
|Psychological damage||Severe (a)||£51,460 to £108,620||Extreme emotional distress which negatively impacts every aspect of the claimant's life. Very poor prognosis|
|Psychological damage||Moderately severe (b)||£17,900 to £51,460||Serious problems with ability to work, relationships and other issues which prevents them from leading a normal life but the prognosis is better than in more serious cases|
|Psychological damage||Moderate (c)||£5,500 to £17,900||A marked improvement will have been made over time and the prognosis will be good|
|Psychological damage||Less severe (d)||£1,440 to £5,500||The award in this bracket will be based on a number of considerations, for example, the extent to which daily activities and sleep were affected.|
|PTSD (Post-Traumatic Stress Disorder)||Severe (a)||£56,180 to £94,470||Extremely serious symptoms of PTSD which negatively impacts all aspects of their future life|
|PTSD||Moderately severe (b)||£21,730 to £56,180||Less serious symptoms than above, but their future life is impacted to some degree|
|PTSD||Moderate (c)||£7,680 to £21,730||A recovery will have largely been made|
|PTSD||Less serious (d)||up to £7,680||Recovery is expected, although minor PTSD symptoms may persist|
For more information on how much compensation you could receive for harm caused by a data protection breach, speak with an advisor today. You could be connected with a No Win No Fee data protection solicitor from our panel to work on your case.
Call today and speak to an adviser about making a claim for a data protection breach. They will examine the details of your case to see if your claim is valid.
If you do have a valid claim, you will be connected to a No Win No Fee solicitor from our panel. This kind of agreement means:
- No upfront fees to pay and nothing to pay as the claim is ongoing
- You pay a legally-capped success fee if your claim is successful
- If your claim fails, you don’t pay the success fee or court costs
Call us today to find out if you can make a No Win No Fee claim for compensation following a data breach. You can reach us in the following ways:
- By calling 0800 408 7825
- Filling out the online claims form
- Using the live chat feature to the bottom-right of this screen
Where Can I Find Out More?
Below, we’ve included some additional resources that you might find useful if you’ve experienced a data protection breach:
Guide by OO