Claiming For Personal Data Breach Under UK GDPR

Personal data breach under the GDPR

Personal data breach claims under the UK GDPR

There are several laws and regulations that apply to data security and privacy in the UK. However, the primary two are the UK version of the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). The Information Commissioner’s Office (ICO) is the governing body that oversees compliance with these regulations. Certain data that you share with organisations, is protected under UK data protection and privacy laws. When these laws are not adhered to, it could expose your data to unlawful access or use. This, in turn, could result in you suffering mental harm or financial loss. Reading this guide will act as a primer for making a claim in such circumstances.

Each claim is unique in some way, and we can only cover the basics in this short guide. However, if you do have some questions that remain unanswered when you have finished reading it, our claim advisors can help you. You can call them on 0800 408 7825, or request a callback using our contact form.

Select A Section:

Can I Claim For A Personal Data Breach Under The UK GDPR?

Certain types of data, which we will cover later in this guide, are subject to data privacy and security laws. If an organisation that stores and processes your data does not follow all legislative requirements, this can lead to your data being put at risk.

If a personal data breach occurs, the repercussions for you could affect both your health and your finances. In such instances, if you can prove that the organisation failed to take all proper steps to safeguard your data, a data breach claim may be possible.

What Counts As A Breach Of UK GDPR?

In this section, we will look at how a breach of the UK GDPR could lead to a personal data breach. A breach of UK GDPR is when a data controller, those that decide which data is to be collected and for what purpose, does not adhere to UK GDPR.

Only data that is considered personal and sensitive is protected by the UK GDPR. A data breach is when personal information is involved in a security incident. The information may be subject to being destroyed, lost, stolen, altered, accessed or disclosed unlawfully or by accident.

Some data breaches are the result of ineffective network and computer security. This, in turn, can empower a cybercriminal to gain access to your data for nefarious purposes in a worst-case scenario. Other data branches are the results of error, oversight or omission by humans. Human error can occur when staff are not adequately trained in their data privacy responsibilities.

What Is Considered Personal Information In The UK GDPR?

We have already covered the regulations in place that protect your personal data. Now, you need to learn what types of information these laws protect. Below, we briefly outline what kind of data is protected:

  • Special data – this is all of the information that if exposed, would reveal private details about you. Examples would be your race, ethnicity, religious beliefs, trade union membership, genetic data, health data, sexual orientation, etc.
  • Personal data – is all of the data that uniquely identifies you or belongs to you in some way. Some examples include your name, date of birth, phone number, email address, postal address, as well as your bank account, debit card or credit card information.

Do I Have The Right To Claim For A Personal Data Breach Under The UK GDPR?

The UK GDPR gives data subjects, those who personal data is processed, the right to claim compensation if they have suffered damages because of a personal data breach. However, in order to make a claim for a personal data breach against a data controller it must be established that the data controller was liable for the breach. This would mean the data controller had not took all the necessary steps when it came to securing your personal information.

How Do I Claim For A Personal Data Breach?

An expert data breach lawyer may be able to help you get compensation for mental harm or monetary loss. If you call and talk to one of our advisors, they can explain how you may be able to arrange this under a No Win No Fee agreement.

You need to start your claim within the applicable claims deadline, however. The time limit is one year if you are claiming against a public body, or 6 years in all other cases.

Additionally, there are some other things you could do to gather evidence that would help support a data breach claim;

  • Ask the organisation that exposed your data which data was impacted.
  • Report the data breach to the ICO.
  • Gather documents that prove any ill health or financial losses.

How Much Could You Claim For A Personal Data Breach?

If you win a claim for a personal data breach under the UK GDPR, the level of damages you receive will depend on the circumstances of your case. Facing the impact of a serious data breach could be a very emotionally, stressful and traumatic event. Also knowing your personal or sensitive information had been exposed could cause psychological illnesses. This trauma could lead to mental health problems.

The table below shows example compensation ranges for different psychological injuries. We based this table on the guidelines that are used to value general damages in personal injury claims. These were produced by the Judicial College.

Psychological Issue Severity Compensation Notes
Psychological damage Severe £51,460 to £108,620 The victim suffers from severe mental illness that severely impacts their quality of life. These illnesses can include depression or anxiety, which make it difficult for them to function normally.
Psychological damage Moderate £5,500 to £17,900 Mental health issues such as anxiety or depression may have been present at first. Recovery is likely to be successful, however. 
PTSD Severe £56,180 to £94,470 A severe form of post-traumatic stress disorder has been diagnosed in the victim. Multiple aspects of the victim’s life will be negatively impacted. A person may not be able to work or live their life the same way they did before. Some of the symptoms may be permanent.
PTSD Moderately Severe £21,730 to £56,180 Post-traumatic stress disorder is moderately severe in the victim. In the presence of professional help and treatment, the prognosis for a good recovery is fair. Some psychological symptoms might persist for some time, however.
PTSD Moderate £7,680 to £21,730 There are moderate signs of post-traumatic stress disorder in the victim. Nevertheless, they are likely to recover well. They are unlikely to suffer from related mental health problems that will harm their recovery.
Psychological damage Less Severe £1,440 to £5,500 In addition to the severity of the injury, the length of time it has lasted will determine the compensation award. Also included in this category are minor psychological problems that are not linked to another mental health problem.
PTSD Less Severe £3,710 to £7,680 There are less severe symptoms of post-traumatic stress disorder in the victim. It may take up to two years for mental health issues to resolve.
Psychological damage Moderately Severe £17,900 to £51,460 Mental health problems such as new phobias, depression, or anxiety that are moderately severe. Compensation awards tend to fall in the middle of this range, but can also fall at either end. 

An Overview Of Material Damages

The section above covered non-material damages for psychological injuries. Material damages cover any financial losses caused by the data breach.

This means that you could potentially claim for any financial losses caused by a data breach. Imagine a cybercriminal gaining access to your data, resulting in identity theft. They could spend your bank balance, use your cards to make purchases, etc. You could be able to claim such losses back.

Talk To Us About A Personal Data Breach Under The UK GDPR

We may be able to organise a No Win No Fee solicitor to process your claim. You would not pay any fee to the lawyer until such time as the claim has been won. If it fails, you won’t be asked to pay the lawyer a fee. If you win your claim, a legally limited success fee may be due to your lawyer.

For more information on how to make a compensation claim for a personal data breach under the UK GDPR, use the information below to contact our advisors.

Telephone: 0800 408 7825

Or use our webchat or contact form.

Useful UK GDPR Links

Here are some useful resource links.

Complaining To The ICO

How UK GDPR Is Applied

Find Out What Data An Organisation Has About You

Here are some associated guides.

Stolen Or Lost Device Data Breach Claims

Housing Association Data Breach Claims

Data Protection Claim Solicitors