Here in the UK, we have legislation designed to protect personal data. In this post, we take a look at this and explain what a data breach is as well as some of the terminology used within this legislation.
We’ll also take a look at the eligibility requirements you must meet in order to start a claim for a data breach and the ways in which a solicitor could help you when seeking compensation.
What Is The UK GDPR?
The UK General Data Protection Regulation (UK GDPR) is one piece of data protection legislation in the UK. It sits alongside the Data Protection Act 2018 (DPA 2018) to outline the responsibilities of data controllers (those who decide why and how they will process your personal data) and data processors (those who act on behalf of the controller). Data controllers and data processors must adhere to both pieces of data protection legislation.
The UK GDPR defines personal data as data that can be used to identify a person, who is known as the data subject. This includes, for example, your name, date of birth or email address. In addition, the UK GDPR outlines what a data breach is and sets the criteria for claiming compensation.
What Is Considered A Breach Of GDPR?
A personal data breach is a security incident impacting the availability, confidentiality, or integrity of your personal data. A breach of the UK GDPR could lead to your personal data being compromised. This could occur accidentally through human error, or unlawfully, such as when unauthorised parties gain access to personal data.
What is the penalty for a UK GDPR violation?
Under this legislation, organisations need to inform the Information Commissioner’s Office (ICO) of a reportable data breach, which is one that puts the rights and freedoms of data subjects at risk.
The ICO is an independent body that upholds data protection rights within the UK. As part of their role, they can investigate data breaches as well as issue fines to organisations for failing to adhere to the legislation and compromising personal data.
How long does a company have to report a breach of the UK GDPR?
If a reportable data breach occurs, then the organisation must inform the ICO within 72 hours of becoming aware of it. Additionally, they must report the breach to data subjects without undue delay if it presents a risk to individual freedom and rights.
Can You Claim Compensation For A UK GDPR Breach?
The UK GDPR grants data subjects whose personal data was breached the right to compensation. However, in order to claim, you must meet the criteria laid out in Article 82.
These criteria are as follows:
- The data controller or data processor did not uphold their responsibilities in adhering to the UK GDPR and DPA 2018.
- Due to their wrongful conduct, a breach in which your personal data was compromised occurred.
- Additionally, you must have evidence that shows you experienced harm. This could be damage to your mental health, which can be proven with copies of your medical records. Or, you may have suffered damage to your finances, which can be proven with copies of your credit reports or bank statements.
How Long Do I Have To Make A Data Breach Claim?
Generally, you have 6 years to begin a data breach claim. However, this is reduced to 1 year to bring a claim for breach of human rights against a public body.
Can I Claim On A No Win No Fee Basis?
If you are eligible to claim compensation for a breach of your personal data, you could seek the support of a solicitor. One of our experienced data breach solicitors could help.
Usually, our solicitors use a type of No Win No Fee agreement known as a Conditional Fee Agreement (CFA) to provide their services. This means that generally, your solicitor won’t ask for ongoing or upfront payments towards their work on your data breach claim.
Your solicitor will deduct a success fee from your awarded compensation if your claim has a positive outcome. The success fee is taken as a percentage that is limited by the law. If your claim isn’t successful, you won’t be asked to pay this fee.