I am a solicitor who has specialised in data breach compensation claims.
Following the GDPR legislation if an organisation that is holding your data suffers a breach, you could be entitled to claim compensation if you have experienced some form of loss as a result whether that is financial or emotional stability or both. A data breach is when personal data being held is lost, destroyed, accessed, or disclosed in an unauthorised manner whether it is by accident or deliberately by someone inside or outside of the company.
A data breach can involve:
Personal health information (PHI)
Social services documents
Financial information or bank details
Sensitive, protected, or confidential information
Can you claim compensation for a breach of data protection?
You have the right to claim compensation for data protection breach due to GDPR if you have suffered as a result of an organisation breaking the data protection law whether accidentally or intentionally. The organisation might agree to pay compensation to you without involvement from the ICO (the UK’s data protection regulator and supervisory authority for GDPR compliance) so do you won’t need to make a legal claim.
If you believe your personal data has been breached and you have experienced distress or loss you could be able to claim. However, data breach cases are not always simple and straightforward. It is advisable to contact the Information Commissioner’s Office (ICO) as they can investigate the incident and determine if an organisation is at fault for the data breach. This process can be quite slow, but it can be extremely beneficial to a compensation claim.
It is important to remember that the ICO does not award compensation, to get compensation you need to make a claim against the organisation who breached your data. You don’t have to contact the ICO or wait for its investigation to be completed, you can bring a case against an organisation directly without involving the ICO. However, it will make your case stronger and more likely to be successful if they find there is a breach.
What compensation can you get with a data protection claim?
A data breach can result in both financial and/or identity theft, either of which can have a big impact on your life and be highly upsetting. If they have enough information a cybercriminal can apply for credit in your name, access your bank account, and set up new fraudulent bank accounts.
If you have not been financially impacted by a data breach that does not mean it hasn’t affected you in some way. Having your personal information stolen can leave you at risk of phishing attacks and other attempts by the cybercriminals to access more of your data.
A personal data breach is like the online version of having your home burgled. That is to say if a criminal came into your home and stole your personal information you would be emotionally distressed and feel vulnerable and nervous about what they could do with that information. So, why would you feel any differently if your data were breached online?
Being the victim of a crime can have a significant effect on your life both mentally and physically. Naturally, everyone will react in a different way, but some people could experience a lack of sleep and feeling ill, unsettled, or confused. This added stress can also impact your family, friends, and your job as the distraction and weight on your mind could impact your day-to-day functioning and moods.
Common data protection claims
Over the years the most common data breaches happen in service-based industries where there is direct contact with the public. For example, mobile phone networks, tech firms, retailers, and banks have all been in the headlines due to data security breaches. Data protection claims can be made in situations that include:
Your privacy has been compromised as part of a whistle-blowing operation
Where your personal information has been mishandled or misused
Your personal data has been victim of a cybercrime
Your data has been inadvertently leaked or lost
An organisation has broken the law by using your information for journalism, artistic, marketing, or literary purposes without your permission
Corporate claims where organisations have had their company data leaked such as banking information, business plans etc
Your personal data has been shared with a third party without your permission
An organisation has failed to keep up to date and accurate information about you and it has caused you damage
Are you owed compensation for data protection negligence?
You can claim compensation if an organisation has failed to keep your data secure, regardless of whether you have suffered or not as a result of the breach. However, if you have experienced financial, medical harm, distress, or anxiety it can make a more substantial case.
What steps can you take to claim compensation?
1)Contact the company that lost your data
If you have suffered loss or distress due to your data being compromised, the first thing you should do is contact the company you think is responsible if they have not already contacted you about a breach. You should outline what distress and/or loss you have experienced and how you expect to be compensated.
2)Voice your complaint to the ICO
You can also take your concerns about how the organisation has stored and processed your data to the ICO. The ICO cannot give advice on the amount of compensation that should be due, even if they determine that the organisation did breach the GDPR. However, as previously mentioned its opinion can be very influential and useful in your claim against an organisation that has breached your data.
3)Go to the small claims court
If you can’t reach an agreement with the organisation that breached your data regarding whether you are due compensation and the amount, you can make a claim through the small claims court. If you do opt to go down this route a good piece of evidence to take to the court is the ICO’s agreement with you that the GDPR was breached by that organisation.
How to find out if you have been part of a data breach?
By law, any organisation that has experienced a data breach where your data has been affected is required to contact you and inform you that they have breached your data. If the company is public and the data breach is quite large scale the ICO will usually report the breach on their website too with all the factual details and findings from their investigation.
A lot of people might think that you can only make a data protection claim if you have experienced financial loss, but this is certainly not the case. A personal data breach can cause a great deal of stress and anxiety as well as the feeling of betrayal and disappointment that a company has not sufficiently protected your data depending on what information was accessed. You are entitled to compensation for the mental impact a data breach has had on your life and the inconvenience it causes not just any financial loss.
Was this article helpful?
Spread the word and share it with your friends and family
Check free if you're owed an average £4,000 refund