SOLVING PERSONAL LEGAL MATTERS
On the 25th May 2018, new legislation came into force that gave individuals more control over personal data and what data can be held by organisations. The General Data Protection Regulation (GDPR), and the Data Protection Act 2018 contain provisions and requirements on processing of personal data of individuals. It was amended on the 1st January 2021 as a consequence of Brexit.
While the majority of companies have taken robust action to protect this data, not all organisations do. If your data is misused, or disclosed, or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. If you think you have been adversely affected by a data breach, then contact our expert lawyers today.
Under GDPR law, if an organisation that holds your data causes it to be disclosed in an unauthorized way whether that's by error or accident by someone organisation you can claim compensation for any loss caused by the breach and the distress it has caused.
Data breaches may involve:
You have a right to claim data protection breach compensation due to GDPR if you have suffered as a result of an organisation breaking the data protection laws.
If you believe your personal data has been lost or misused and you have suffered loss or distress, you may be able to claim for compensation. However, data breach cases are not straightforward.
As a general rule, to recover compensation the data needs to be sensitive personal data. It must be confidential and not already in the public domain. Provided to the organisation on a confidential basis. Good examples would include financial or medical information or other information that ought to remain confidential. There has been an unauthorised use of the information. In other words, it has been released without consent or legal justification.
The Information Commissioner's Office (ICO), the UK's data protection regulator and supervisory authority for GDPR compliance can investigate the incident and determine if an organisation is at fault. This can be a slow process, but a finding in your favour will add weight to a compensation claim. The ICO does not award compensation, to be awarded compensation you will need to make a claim against the organisation who breached your data.
You don't have to contact the ICO or wait for its investigation to conclude, you can bring a case against an organisation directly without having to involve the ICO.
You can bring a claim for a data breach against an organisation either in the public sector, private sector or charitable sector. In some cases, there may be more than one defendant. Typically, GDPR claims and data breach claims are settled out of court.
How much you will get in compensation will depend on the type of data breach and how this has affected you both financially and mentally. The law in this area is currently developing; the courts haven't yet given many specific guidelines on what will be awarded.
The threshold of seriousness applies to data protection claims. One-off data breaches that do not include personal and sensitive data, which are quickly remedied may be regarded as de-minimis and worth very little.
Disclosure of sensitive personal data, for example, medical records, financial information, the location of an individual who is in danger are likely to pass this threshold.
The sums awarded under these guidelines include injury to feelings and any consequential financial loss. There is limited case law on the valuation of these claims. The wards can range from:
Forbes Solicitors have a team of experts in this area who can offer a free initial consultation to determine if we can help and whether your case is worth pursuing. If you do have a case our highly experienced solicitors will be able to offer support and guidance in making an initial complaint to the ICO and thereafter in pursuing your claim to settlement, through the Courts if necessary. No win, no fee funding arrangements are available.
In theory you can make a compensation claim under GDPR against a company sending you marketing emails that you haven't signed up for or have unsubscribed from, but it is unlikely to be economical to instruct a solicitor to make the claim. Legal costs are not generally recoverable in small claims cases. You can ask them to stop doing this and make a formal complaint if they don't do so.
As well as other types of data, GDPR also covers marketing emails that businesses and other organisations send to you. They may have your email address and other data for a number of different reasons, for example if you bought something from them, made a charity donation, asked to be kept informed about something from them or entered a competition. Depending on the permissions you gave them when you did this, they might be able to use your data for marketing reasons or even sell it to third parties. Any marketing email you receive should include details of what to do if you wish to unsubscribe from these types of emails.
Under GDPR, and Article 21 of this legislation specifically, you can request that they stop contacting you for marketing purposes. If they continue despite this, you can complain about them to the Information Commissioner's Office (ICO).
You have the right to ask any company or organisation what data about you they are holding and/or using. This is called a subject access request or SAR and organisations usually have to respond with the requested information within one month, although this could be extended up to three months for complex requests.
Their response to the SAR should contain the information you specifically requested and may also tell you:
If the organisation fails to provide the information requested within this timeframe without a valid reason, you can complain about them to the ICO.
In theory you can make a compensation claim, however the value of the claim means that it is unlikely to be economical to instruct a solicitor to make the claim. Legal costs are not generally recoverable in small claims cases.
Gulati v MGN Ltd - £72,500 - £260,250 - Phone hacking and prolonged attempts to acquire personal data for a newspaper publication. The intentional misuse of data along with repeated misuse will increase any award.
TLT v Home Department - (Two Iranian Parents) - The Home office failed to anonymise published data relating to families with no right to remain in the UK. It published names and countries of origin and areas they lived in, they were awarded £12,500 each. They were fully aware of the extent of the breach and how it affected them. Their fears and concerns were genuine. They were forced to move home and change their child's school as a result of the breach. The claimants child was awarded £2,500 to reflect the need to move home and school.
Another claimant for the same breach was awarded £6,000. She had a legitimate and reasonable fear that the data breach could be accessed by her former government and that this could lead to her being tracked down. Another claimant was awarded £3,000 based on the initial shock of the data breach
Weller v Associated Newspapers - Photographs of a musician were published that included pictures of his three children. The case was brought on the children's behalf. Two of the children were babies and were unware of the breach. They were awarded £2,500. She was awarded more as her feelings of embarrassment and of being threatened by the photographer were held as legitimate.
Commissioner of Police of the Metropolis v Andrea Brown - Police officer successful proved that police facilities were wrongly used to obtain her passport and travel details. These should be used only to prevent crime, but in her case were used for an internal grievance procedure. She was awarded £9,000. She suffered distress as a result of the breach. The award was increased because there was evidence of abusing statutory power, causing her to lose control of her data.
Other examples of data breaches that we have seen are:
Known as the General Data Protection Regulation (GDPR), this regulation outlines provisions and requirements on pertaining and processing of personal data of individuals within the European Economic Area.
If your data is misused, disclosed, or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. If you think you have been adversely affected by a data breach, then contact our expert solicitors today.
It is possible to make a data breach claim for compensation but you must be able to provide evidence that you have suffered damages and stress as a result of the data breach. The current period for making a data breach claim is 6 years, 1 year if it involves a breach of Human Rights.
The aim of compensation is to try and place a claimant back in the same position as if no discrimination had taken place. If you think you have been adversely affected by a data breach, then contact our expert solicitors today.
The short answer is, yes. GDPR was introduced in May 2018 to ensure personal data is not misused, disclosed, destroyed or lost.
Every circumstance will be different but if you think you have been affected by a data breach, then contact our expert solicitors today who will be happy to assist.
Yes. The aim of compensation is to try and place a claimant back in the same position as if no discrimination had taken place. If your data is misused, disclosed, destroyed or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. GDPR was introduced in May 2018 to protect consumers and employees. There are rules that companies must abide by in order to remain compliant. If a business does not follow this then they may be liable to pay compensation.
If you think you have been adversely affected by a data breach, then contact our expert solicitors today.
23 Mar 2022
On the 18th January 2022, the ICO published that enforcement action was to be taken against the Ministry…