Personal

Data Breach Claims

We are still available and booking appointments over telephone and video conference

In May 2018, new legislation came into force that gave individuals more control over personal data and what data can be held by organisations. The General Data Protection Regulation (GDPR), and the Data Protection Act 2018 contain provisions and requirements on processing of personal data of individuals within the European Economic Area.

Those that control this data, must have appropriate technical and organisational measures to protect the data they collect, and obtain consent for its collections and disclosure where required. This is why you get pop-ups on every website you go to informing you that they use cookies to gather data.

While the majority of companies have taken robust action to protect this data, not all organisations do. If your data is misused, disclosed, destroyed or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. If you think you have been adversely affected by a data breach, then contact our expert lawyers today.

Data breach compensation

Under GDPR law, if an organisation that holds your data suffers a data breach, you may be entitled to claim compensation if you have suffered some form of loss as a result.

A data breach is when personal data is lost, destroyed, accessed or disclosed in an unauthorized way whether that's by accident or deliberately by someone inside or outside the organisation.

Data breaches may involve:

  • Personal health information (PHI)
  • Medical documents
  • Social services documents
  • Financial information
  • Sensitive, protected or confidential information

Can you get compensation for breach of data protection?

You have a right to claim data protection breach compensation due to GDPR if you have suffered as a result of an organisation breaking the data protection law. The organisation may likely agree to pay the compensation to you without involving the ICO so you do not have to claim.

If you believe your personal data has been lost or misused and you have suffered loss or distress, you may be able to claim for compensation. However, data breach cases are not straightforward. It is recommended to contact the Information Commissioner's Office (ICO), the UK's data protection regulator and supervisory authority for GDPR compliance. The ICO can investigate the incident and determine if an organisation is at fault for the breach. This can be a slow process, but it can add weight to a compensation claim. The ICO does not award compensation, to be awarded compensation you will need to make a claim against the organisation who breached your data.

You don't have to contact the ICO or wait for its investigation to conclude, you can bring a case against an organisation directly without having to involve the ICO. However, it will make you case much stronger if they find there is a breach.

Who can you claim against for a breach of data protection?

You can bring a claim for a data breach against an individual or an organisation either in the public sector, private sector or charitable sector. In some cases, there may be more than one defendant. Typically, GDPR claims and data breach claims are settled out of court.

What is the data breach compensation amount in the UK?

How much you will get in compensation will depend on the type of data breach and how this has affected you both financially and mentally. The law in this area is currently developing; the courts haven't yet give any specific guidelines on what will be awarded.

Damages awarded in employment discrimination cases may provide some guidance and can be put into 3 bands.

  • £900 - £8,600 for less serious cases where the incident is a one off, for example
    • Disclosure of an individual's name, date of birth, home and email addresses £1,000 - 1,500
    • Disclosure of information related to medical data breach, compensation of £2,000 - 5,000
    • Disclosure of financial information £3,000 - 7,000 depending on the effect of the breach
  • £8,600 - £25,700 for a breach more serious than the first band
  • £25,700 - £42,900 if there has been a protected pattern of default, which causes depression or illness . Medical evidence would be required to support this along with evidence to support any other losses, for example earnings.

Forbes Solicitors have a team of experts in this area who can offer a free initial consultation to determine if we can help and whether your case is worth pursuing. If you do have a case our highly experienced solicitors will be able to offer support and guidance in making an initial complaint to the ICO and thereafter in pursuing your claim to settlement, through the Courts if necessary. No win, no fee funding arrangements may also be available.

Can I claim GDPR compensation for unsolicited emails?

In theory you can make a compensation claim under GDPR against a company sending you marketing emails that you haven't signed up for or have unsubscribed from, but it is unlikely to be economical to instruct a solicitor to make the claim. Legal costs are not generally recoverable in small claims cases. You can ask them to stop doing this and make a formal complaint if they don't do so.

As well as other types of data, GDPR also covers marketing emails that businesses and other organisations send to you. They may have your email address and other data for a number of different reasons, for example if you bought something from them, made a charity donation, asked to be kept informed about something from them or entered a competition. Depending on the permissions you gave them when you did this, they might be able to use your data for marketing reasons or even sell it to third parties. Any marketing email you receive should include details of what to do if you wish to unsubscribe from these types of emails.

Under GDPR, and Article 21 of this legislation specifically, you can request that they stop contacting you for marketing purposes. If they continue despite this, you can complain about them to the Information Commissioner's Office (ICO).

You can in theory make a compensation claim for unwanted marketing emails but there is likely to be very limited or no financial damage suffered, as opposed to a data breach where someone might have used your personal data to commit fraud or other crimes.

Can I make a GDPR claim for subject access requests (SARs)?

You have the right to ask any company or organisation what data about you they are holding and/or using. This is called a subject access request or SAR and organisations usually have to respond with the requested information within one month, although this could be extended up to three months for complex requests.

Their response to the SAR should contain the information you specifically requested and may also tell you:

  • What the information they hold on you is being used for
  • Where they got your information in the first place
  • Who, if anyone, they are sharing the information with
  • How long they will keep your information and why that length of time was decided upon
  • How you can change inaccurate information, ask them to delete it or choose not to have it used for certain purposes
  • Your rights if you want to complain to the ICO
  • Details of security measures taken if your information has been transferred internationally.

If the organisation fails to provide the information requested within this timeframe without a valid reason, you can complain about them to the ICO.

In theory you can make a compensation claim, however the value of the claim means that it is unlikely to be economical to instruct a solicitor to make the claim. Legal costs are not generally recoverable in small claims cases.

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday:
Closed

FAQs

What is a GDPR Claim?
 
 

Known as the General Data Protection Regulation (GDPR), this regulation outlines provisions and requirements on pertaining and processing of personal data of individuals within the European Economic Area.

If your data is misused, disclosed, destroyed or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. If you think you have been adversely affected by a data breach, then contact our expert solicitors today.

Can I get compensation for a data breach?
 
 

It is possible to make a data breach claim for compensation but you must be able to provide evidence that you have suffered damages and stress as a result of the data breach. The current period for making a data breach claim is 6 years, 1 year if it involves a breach of Human Rights.

The aim of compensation is to try and place a claimant back in the same position as if no discrimination had taken place. If you think you have been adversely affected by a data breach, then contact our expert solicitors today.

Can you sue for a GDPR Breach?
 
 

The short answer is, yes. GDPR was introduced in May 2018 to ensure personal data is not misused, disclosed, destroyed or lost.

Every circumstance will be different but if you think you have been affected by a data breach, then contact our expert solicitors today who will be happy to assist.

Can I get compensation for a GDPR breach?
 
 

Yes. The aim of compensation is to try and place a claimant back in the same position as if no discrimination had taken place. If your data is misused, disclosed, destroyed or lost and you have suffered financial loss or distress then it may be possible for you to claim compensation. GDPR was introduced in May 2018 to protect consumers and employees. There are rules that companies must abide by in order to remain compliant. If a business does not follow this then they may be liable to pay compensation.

If you think you have been adversely affected by a data breach, then contact our expert solicitors today.

Need more help?

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Our Reviews

Our dedicated Data Breach Claims team

Partner, Clinical Negligence and Personal Injury Solicitor

John Bennett

Partner

Personal Injury

PinAccrington

Call01254 872111

Associate Clinical Negligence and Personal Injury Solicitor

Leonie Millard

Partner

Clinical Negligence

PinLeeds

Call01254 770517

Lisa Atkinson

Lisa Atkinson

Associate

Personal Injury

PinAccrington

Call01254 222448

Next

Useful Information

Article

Supreme Court finally set to rule on when non-material damage is serious enough to justify a claim

25 Mar 2021

It is clear to see that GDPR claims are certainly on the rise, with a flurry of activity featuring…

Read more

Article

Data breach claims and the rogue employee

02 Feb 2021

The recent case of Morrison's v others concerned Mr Skelton, a former employee who had been…

Read more

Article

Post Pandemic and Data Protection

09 Dec 2020

As we all look forward to the possibility of less restrictions, a vaccine, some return to normality and…

Read more

Contact Us

If you have a general enquiry then please fill in your details and someone will contact you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday: 09:00 to 17:00
Saturday and Sunday: Closed