The Evidence Needed To Make A Claim For A UK GDPR Data Breach

This guide will provide details about how you could make a claim for a UK GDPR data breach. We will clarify what a data breach means, how the UK General Data Protection Regulation (GDPR) is relevant to this, and how you could make a successful data breach compensation claim.

GDPR data breach

Claims for UK GDPR data breach guide

If you prefer, you can contact our team of advisors, who can answer any queries you have about data breach claims. They can be contacted for free 24/7 at any time that suits you. They can tell you if you can claim and even provide you with an estimate. Furthermore, they can also connect you with a specialised No Win No Fee data breach solicitor from our panel.

Contact our team using the below details.

Read on to learn more about claiming for a UK GDPR data breach.

Select A Section

  1. Types Of UK GDPR Data Breaches
  2. Evidence To Show You Were Affected By A UK GDPR Data Breach
  3. Evidence Of How The UK GDPR Data Breach Affected You
  4. Do I Need To Have Suffered Credible Harm?
  5. Data Breach Claim Calculator
  6. Start Your Claim For A UK GDPR Data Breach

Types Of UK GDPR Data Breaches

In 2018 the EU created a directive known as the General Data Protection Regulation GDPR. This was incorporated into UK law through the Data Protection Act 2018 DPA.  However, as the UK is no longer part of the European Union and since the withdrawal, the DPA has been updated. Also, the UK has introduced the UK GDPR.

According to the Information Commissioner’s Office ICO who is the governing body for policing the adherence to data protection laws a personal data breach is a security incident that affects your data. This can be in several ways, for example, your personal data is lost, stolen, accessed, destroyed, altered, or disclosed without authorisation. This can be done accidentally or through unlawful practices.

As we go through the guide we will look at different entities so I think it is important to define what they are:

  • Data Controller  – this is an entity that decides how and why personal data will be processed.
  • Data Processor – this would be an entity that processes personal data on behalf of the data controller. Sometimes the data controller can process their own data.
  • Data Subject  – this is a living person to which the personal data is attached.

Examples of instances where this could happen include information being sent to the wrong email address or the wrong postal address.

However, you wouldn’t necessarily be able to make a successful claim for a UK GDPR data breach simply by being the victim of one. This is because the breach would need to fulfil particular criteria for you to be able to seek compensation. This will be explained later in the article. If you prefer, you can contact our advisors for free using the details above. They can also answer any questions or queries you might have.

Evidence To Show You Were Affected By A UK GDPR Data Breach

One of the most important criteria in order to claim for a data breach involves positive wrongful conduct. A data controller or processor needs to have not adhered to their obligations, which results in a data breach.

If, for instance, your personal data is stolen because a company was hacked, you would only potentially be able to claim if they didn’t have the required cybersecurity to protect your data. This is because there will be instances of data breaches that aren’t caused by a data processor or controller not adhering to the regulations.

Therefore, if the data processor is seen to have done everything they reasonably could to prevent the breach, you may not receive compensation. Furthermore, in most cases, you will receive a data breach notification from the relevant company. This is important as it can be used as evidence when making a data breach claim.

I Received Notification Of A Breach

If your personal data has been breached and you are at risk the relevant data controller or processor needs to send you a notification of this as soon as they are aware of it. This will outline the information that has been accessed and explain how the breach occurred. If you suspect that your data has been breached but have not received a notification, you can make a complaint directly to the third party in question.

If, after complaining to them, you do not receive a satisfactory response, you can make an ICO complaint through the Information Commissioner’s Office (ICO). The ICO are an independent authority created to uphold UK information rights. You need to contact the ICO within three months of the last meaningful contact with the data controller to complain.

Evidence Of How The UK GDPR Data Breach Affected You

Another important aspect of making a claim for a UK GDPR data breach is proving how the breach has negatively affected you. You could suffer financial losses (material damage) or psychological damage (non-material damages).

Examples of instances where you may be seeking these types of damages include if your data was lost or stolen due to information not being destroyed correctly or if the data processor failed to use BCC when sending out a mass email.

Evidence Of Financial Losses

Evidence of financial losses includes:

  • Bank statements
  • Notification letters from third parties, including banks and building societies
  • Receipts

Evidence Of Mental Health Conditions 

Evidence of you suffering mental health conditions includes:

  • Medical reports
  • A list of treatments
  • Therapist correspondence. In serious cases, you may need therapy to help with the psychological effects of the incident.

Do I Need To Have Suffered Credible Harm? 

Financial losses and psychological issues are both considered credible harm. These are the things you would be able to claim for when making a data breach claim. Therefore, if you’ve suffered from a data breach but haven’t experienced any material or non-material damage, you may not be able to claim.

This is due to a legal case; Lloyd v Google LLC [2021]. In this case, it was deemed necessary to show how you had suffered either/or material and non-material damage to be able to make a successful claim. In data breach claims, it would involve showing that you suffered credible harm in some way due to the breach.

Data Breach Claim Calculator

You may want to know how much you could receive for a data breach claim. The compensation you could receive for financial losses will depend on the value of the losses you’re able to prove. For example, if you are the victim of identity fraud due to a data breach, these costs could include moving fees, loss of earnings and any new debt.

However, we can provide you with a better idea of the compensation you could receive for non-material damages. The Judicial College analyses payouts that have been received for these types of injuries, comparing the compensation amount to the extent and severity of the psychological damage. You can see a table below highlighting the compensation brackets created from this information.

Type of InjurySeverityAmount of CompensationDescription
Psychiatric Damage GenerallyLess Severe£1,440 to £5,500This amount will be based on factors including the period of time that the injured person has been affected by the disability and the degree to which sleep and daily activities have been disrupted.
Post-Traumatic Stress DisorderLess Severe£3,710 to £7,680A virtually full recovery will be made within a year or two. Therefore, any symptoms that last longer than two years will only be minor.
Psychiatric Damage GenerallyModerate£5,500 to £17,900There will be problems with the injured person's ability to cope with life, work, education and their interpersonal relationships. However, a marked improvement will be noted by trial leading to a good prognosis.
Post-Traumatic Stress DisorderModerate£7,680 to £21,730Cases in this bracket will mean that the injured person will have mostly recovered. However, any symptoms that are continuous will not be particularly disabling.

To learn more about this, please contact our team of advisors for free at a time that works for you. They can help you determine how much you could receive for a data breach compensation claim. They can also answer any questions or queries you may have. Contact them 24/7 using the details above.

Start Your Claims For A UK GDPR Data Breach 

You may want to know the advantages of using a data breach No Win No Fee solicitor to make a data breach claim. You may find this method more financially beneficial because there are no hidden fees or costs, and you would only need to pay your solicitor’s fees if your claim is successful.

Your solicitor will take a small, legally capped success fee from your compensation to cover their fees. Furthermore, this also means that they won’t waste your time. They will only take your case if they feel there’s a reasonably good chance of success.

Our advisors are available at any time that works for you. They can confirm if you can claim and provide you with a compensation estimate. Additionally, they can also connect you with a specialised GDPR data breach solicitor from our panel. They can work your case using a No Win No Fee agreement meaning that you would only have to pay your solicitor’s fees if your claim is successful.

Contact them 24/7 using the below details.

More Information About Making A Claim For A UK GDPR Data Breach

Please use the below links to learn more about a data breach and your ability to claim.

The Department for Digital, Culture, Media and Sport provide up-to-date data breach statistics for the UK through The Cyber Security Breaches Survey 2021.

The ICO also provide information about taking your case to court and claiming compensation.

Would you like to know more about your data rights? If so, please read this information on The ICO website.

Read this article on our website to learn more about data breach claim examples.

Do you want to claim for a misdirected fax data breach? If so, read this article to discover if you can claim compensation.

If you still have queries about receiving compensation, please contact our team to learn more about making a claim for a UK GDPR data breach.