Can You Claim For A DPA Breach Guide
What is a DPA breach? Organisations that collect personal information are known as data controllers. Data controllers and data processors must adhere to the Data Protection Act 2018 (DPA 2018) together with the UK General Data Protection Regulation (UK GDPR). These pieces of legislation are there to protect your personal and sensitive data when it is being processed. If an organisation fails to adhere to data protection laws or breaches these laws and this leads to your personal data being exposed a claim may be possible. Breaches in data security can happen for several reasons, whether deliberate, malicious, accidental, or through human error.
Our guide provides advice on what you should do when your data is exposed. We cover if you could be eligible for compensation if your personal data has been exposed because the DPA has been breached. Furthermore, we explain how you could seek material damages and non-material damages.
In addition, there is information on how a No Win No Fee solicitor from our panel could represent you. However, they would first need to determine whether you have good reason to sue for compensation.
Call today and speak to a member of our team. You can reach an adviser by calling our freephone number which is 0800 408 7825. Our lines are open 7 days a week 24 hours a day.
If you would like to read more about claiming compensation following a personal data breach caused by a company’s failure to adhere to the Data Protection Act (2018), please click on the links that follow.
Select A Section
- The UK GDPR And DPA Breaches
- Is Personal Information Protected By The DPA?
- What To Do If You Were The Victim Of A DPA Breach
- Could I Get Compensation For A DPA Breach?
- Data Breach Compensation Calculator
- Talk To Our Advisors About Your Data Breach Claim
The UK GDPR And DPA Breaches
There are two major laws in the UK that protect the personal information that organisations (data controllers) hold. They must abide by these laws and if they don’t, the Information Commissioner’s Office (ICO) could issue hefty penalties. When you link to an organisation you typically provide a certain amount of your personal data. You become a data subject. The sort of information an organisation may request could include any of the following:
- Name
- Address
- Date of birth
- Email address
- Phone number
- Bank account
- Debit card
- Credit card
- Password
Furthermore, the UK General Data Protection Regulation (UK GDPR) applies to both ‘data controllers’ and ‘data processors’. The UK GDPR states 7 key principles that data controllers and processors must follow to ensure they are adhering to data protection laws. The 7 key principles are:
- Transparency, fairness and lawfulness
- Accuracy
- Purpose limitation
- Storage limitation
- Data minimisation
- Accountability
- Confidentiality and integrity (security)
To find out if you have a data breach claim because personal information has been mishandled or misused due to a DPA breach call our advisors today. They will go through the merits of your case and provide free legal advice on what your next steps could be.
Is Personal Information Protected By The DPA?
Personal information that directly or indirectly references or identifies a person is protected under data protection law. That said, specific personal data is deemed more sensitive than other information. As such, it is afforded greater protection under UK law.
Special Category Data
Special category personal data is given greater protection under the law. This includes the following:
- Ethnicity
- Biometric data
- Genetic information
- Sexual orientation/sex life
- Mental or physical health
- Religious beliefs
- Political preferences and views
- Membership in trade unions
When special category data is exposed, the result can be devastating for everyone involved. Proving that the data controller or processor was liable for the personal data breach that exposed your sensitive information is key to making a successful claim. Call our advisors today to have your case evaluated for free,
What To Do If You Were The Victim Of A DPA Breach
If you have been contacted to say that your personal data has been breached or you suspect that this has happened there are steps you may need to take. The breach may have happened through human error, or it could be due to a malicious attack.
As soon as you find out about a personal data breach, you could:
- Contact the organisation to confirm the breach
- Find out what data was exposed
- Change all your passwords and login details
- Notify your bank and credit card providers about the breach if necessary
- Keep an eye on your online activity and report anything that is suspicious to the relevant authorities
If you are planning to make a claim following a personal data breach there are other steps you could take such as:
- Keep any correspondent from the organisation you hold responsible for the breach
- If you are not happy with the response from the organisation you can ask the ICO to investigate
- Keep receipts of any financial losses caused by the breach as you may be able to claim for these.
- If your mental health has suffered seek medical advice. This will help you get the treatment you need but it will also document your suffering so that your medical records can be used for your case.
If you have suffered a personal data breach because of a DPA breach by an organisation that should have been protecting this data call our advisors for free advice today.
Could I Get Compensation For A DPA Breach?
If you fell victim to a personal data breach because of a DPA breach, you should seek advice from a specialist solicitor to establish whether you have grounds to sue. The solicitor would review all the details relating to your case before determining whether a data controller or processor broke data protection law.
When a solicitor finds you have good reason to seek data breach compensation, they could offer to represent you on a No Win No Fee basis. Moreover, the solicitor would provide essential legal advice which includes how you could seek non-material damages without claiming material damages. This is because a case heard in the court of appeal involving Google (Google vs Vidal Hall) saw the judge rule that the data breach victims could claim non-material damages for mental harm when they had suffered no financial loss.
The solicitor would also explain that you must respect the time limit linked to a data breach claim. This is usually 6 years. Unless making a data breach claim against a public body, in this case, it is just one year. However, collecting sufficient evidence to support a claim and respecting pre-action protocols takes up valuable time. As such, you should start legal proceedings sooner rather than later when you file for compensation.
Data Breach Compensation Calculator
When you sue for data breach compensation and if your claim is successful, you could be awarded two types of damages. These are:
- Material damages to cover your monetary losses
- Non-material damages for the mental harm caused to you.
In the table below, you will find compensation brackets based on the Judicial College Guidelines (JCG).
| Mental Ill-Health | Seriousness | Compensation awards based on JCG | Further details |
|---|---|---|---|
| Psychiatric/psychological harm | extremely serious | £51,460 to £108,620 | Claimant suffers extremely severe emotional damage which affects their ability to work and their future lives which includes their relationships |
| Psychiatric/psychological harm | moderately/serious | £17,900 to £51,460 | Claimant experiences issues when it comes to working. Their relationships are negatively impacted as well although the prognosis is more positive than above |
| Psychiatric/psychological harm | moderate | £5,500 to £17,900 | Claimant shows a distinct improvement over time when they receive the correct therapy |
| Psychiatric/psychological harm | less serious | up to £5,500 | Claimant experiences some mental health issues which could include phobias, disrupted sleep patterns and anxiety issues |
| PTSD – Post-traumatic stress disorder | extremely serious | £56,180 to £94,470 | Claimant suffers extremely serious symptoms associated with Post-traumatic stress disorder which negatively impacts every aspect of their lives including their relationships and ability to work |
| PTSD – Post-traumatic stress disorder | moderately/severe | £21,730 to £56,180 | Claimant experiences less serious symptoms than above. However. their lives are negatively impacted to some degree |
| PTSD – Post-traumatic stress disorder | moderate | £7,680 to £21,730 | Claimant suffers less severe symptoms although they may suffer to a certain degree as time goes on |
| PTSD – Post-traumatic stress disorder | less serious | up to £7,680 | Claimant is expected to recover over time but some minor symptoms may continue |
To claim non-material damages, you must be able to prove to what extent a data breach caused your mental illness. As such, an independent specialist may provide a medical report. This should provide details on how badly a breach affected you.
Call an adviser today and find out if your claim is valid. Once we find you have good reason to sue for compensation, we will put you in touch with a solicitor from our panel. Furthermore, they can schedule an appointment with an independent medical specialist local to you.
Talk To Our Advisors About Your Data Breach Claim
Call an adviser about making a claim for a personal data breach due to a DPA breach. You can ask any questions you have and a member of our team will offer free advice. Once we determine your case is valid, we can put you in touch with a No Win No Fee solicitor from our panel.
The solicitor will send you a Conditional Fee Agreement (CFA) which you need to sign and return to them. The agreement sets out the T&Cs of the contract which include:
- You don’t pay the solicitor any upfront fees
- A success fee is only payable if you win your claim
- Should your case fail, you won’t pay the success fee
Call today and find out if a solicitor from our panel could offer you No Win No Fee terms. You can speak to an adviser by calling our freephone number below:
- Call an adviser on 0800 408 7825
- Fill out the online claims form
Please note, that your first consultation is free of charge. Furthermore, you won’t have to take your data breach claim forward should you not wish to.
Where To Read More
Below are external websites that may offer more information if you are thinking of pursuing a claim for a persoanl data breach:
The 7 key principles of UK GDPR
Government statistics on cyber-security breaches in 2021
The Information Commissioner’s Office taking your case to court
We have added some more of our guides that might help answer the question, if your personal data was exposed because of a DPA breach could you make a claim?:
Has Your Personal Data Been Exposed In A Mis-directed Fax
Did You Suffer Because Of An Housing Association Data Breach?
Has Your Medical Information Been Exposed In A Private Health Care Clinic?
Article by OO
Publisher EC.