Being the victim of online fraud or computer hacking is distressing and angering. New laws called General Data Protection Regulations (GDPR) and the Data Protection Act 2018 came into effect in 2018 to help the public defend themselves against the threat of identity theft, fraud, and general misuse of their private data. In this article, we examine how you can take steps to receive GDPR data breach compensation if you suffered financial and emotional harm because of a lapse in data security.
Data breaches don’t happen just online. Every organisation that keeps personal details about you has a legal responsibility or ‘duty of care’ to handle them properly and in accordance with these new laws. We look at these expectations in detail and explain how you can hold those responsible for a breach in data security to account. You could win compensation for your losses.
Start off by getting in touch with our friendly data breach compensation team. We’re available to talk about the merits of any claim you think you have against a bank, a school, a retail outlet, or any governmental agency that permitted the misuse of your data.
You can call on 0161 696 9685 or drop us an email at Legal Helpline for instant help and advice. Perhaps you would prefer to use the ‘live support’ option bottom right of this screen? We can help with knowledgeable and strictly confidential advice right now.
GDPR data breach compensation can be calculated by assessing two types of damage referred to as ‘material’ and ‘non-material’. We look at each in detail further in this article but basically, since a change in the law, it’s now possible to claim for both financial harm and emotional suffering caused by a data breach.
Your claim can be for one or the other, or both. The law recognised that the trauma associated with someone reaching into your private life to exploit personal information was not just financially damaging.
With this in mind, we explain the evidence that you can collect to support an effective claim for both. We outline the time limits and responsibilities of those who have caused or permitted your data breach and what the law now expects them to do to remedy the situation. Our compensation table demonstrates the awards that can be possible for the emotional anguish caused by the data breach and identity theft.
We hope to provide you with the resources to make an informed decision about your claim and then offer you an introductory service to our panel of No Win No Fee data breach lawyers. They could help you receive an amount of compensation that could address the monetary and emotional harm caused by the data breach of another.
Online and offline fraud is a real problem. According to statistics from the government, 46% of businesses and 26% of charities report having suffered a cyber attack in the last 12 months. GDPR laws were timely and essential. Information is shared online with third parties and this can be a very useful and efficient way to improve services. But when abuses or errors occur, it can devastate the life of the individual.
Consent is central to GDPR law. These laws were established to help the average citizen take back more control over how their personal information was used and shared. The Information Commissioner’s Office (ICO) was tasked with the duty of upholding GDPR laws and this powerful independent body can issue very stiff penalties (up to £17.5 million or 4% of the previous year’s turnover) to companies or agencies that abuse their position with regard to our personal data.
Sharing information can still happen without our specific consent but GDPR gives back some control. In addition, when you use sites online now you will notice that your permission is being asked far more often with regard to ‘cookie’ use and other consent options. These are important ways to control our own visibility on the internet and reduce the risk of being hacked or exploited by third parties.
The ICO classifies a GDPR data breach as any unlawful or accidental act resulting in the loss, destruction, alteration, and exposure of data that leads to a security breach. This covers a very wide area of human error and criminality. Some general examples of a data breach that could affect anyone are:
- Personal details left on a computer screen for unauthorised people to see
- Sensitive information not shredded or properly disposed of
- Staff conversations that are inappropriate or in earshot of others
- Important documents left lying around
- Loss or theft of laptops, USB sticks or smartphones
- Filing cabinets left unlocked and freely accessible
- Social media posts that include personal details without consent
- Passing on your personal information to unauthorised sources
The ICO recognises that there are three distinct people who can be involved in a data breach:
- ‘Controllers’ are the agencies or companies in possession of our personal data
- ‘Processors’ are people who handle the data either at the behest of the controller or as an outside agency tasked with that job
- ‘Third parties’ are those to whom the data could be shared or sent, with or without consent, on or offline.
Concerning lapses in security could happen at any stage amongst these three parties but they are all bound by the law regardless. Because of GDPR, all companies have a duty to report breaches to those affected within 72 hours. They must also have rigorous in-house security software in place and must share information legally and securely.
If you can demonstrate that they failed in this duty and allowed a breach, you could claim.
The ICO gives very clear guidance on what it considers to be the appropriate way to handle data as part of its core principles. They also acknowledge that a data breach is about more than merely the theft or inappropriate use of information. You could make a claim for GDPR data breach compensation if any of the following were disregarded or imperfectly practised:
- Lawfulness, transparency and fairness – is the use of data obvious and clearly designated for lawful purpose?
- Is the purpose of collecting and keeping the data limited?
- Data minimisation – are they keeping only the appropriate amount of data?
- Accuracy – is the data up to date and accurate?
- Storage limitation – are they keeping the data for an appropriate amount of time?
- Security – are the controllers, processors and third parties treating your data with the confidentiality and integrity it deserves?
Accidents can happen and human error can never be absolutely ruled out. The ICO takes a realistic stance on breaches and understands that perfect handling of data is not always possible. However, if the breach was a willful abuse of privacy, they can come down hard in our defence.
Any agency that suspects a data breach that affects you has 72 hours to report it to you. Failure to do this can carry a penalty. To be fair, it’s in the best interests of most companies and agencies to prevent a data breach and remedy problems as quickly as possible. But if your information has fallen into the hands of unscrupulous users, you absolutely have the right to sue them. GDPR data breach compensation is possible if the core principles are not adhered to.
The core principles of GDPR aim to safeguard your personal information from abuse. That abuse can range in severity. So what are some typical examples of cybercrime or data breaches? Marketing schemes can use your email or mobile number to send junk mail or nuisance texts. At the other extreme, your entire identity can be stolen.
Organised gangs search the dark web looking for personal data to construct fraudulent identities. They use this information to steal from banks and financial institutes. The consequences of your details being left unattended could cast a shadow over your life for years. Providers such as the following can all be at fault:
- Banks and building societies
- Hospitals, GPs and health care providers
- Nurseries and schools
- Retail outlets
- Government and local authority agencies
- Social services
- Housing associations
- Ticket outlets and travel providers
The ICO holds all these companies and agencies to a very high standard of practice. They expect those in possession of our data to have robust software and firewalls, good encryption techniques and solid password procedures to protect client details. Screens that time out automatically and multiple password options may seem irritating when we are trying to use these facilities, but each obstacle that prevents a cybercriminal helps us.
As you move forward with a complaint of data breach, the ICO can step in and take up your case if you have failed to receive a satisfactory response within three months of your last contact with the agency at fault. The ICO does not award compensation, but they can help with the complexity of a data breach case, and the findings of their investigation could serve as crucial evidence in your own claim.
Speak to our team if you have been affected by a data breach. Whoever the agency was, they have a duty to handle information properly and carefully. If they failed, GDPR data breach compensation could be awarded.
You may be reading this article because you have already become a victim of a data breach and are wondering what you can do about it. Because of the change in the law we described above, you can now seek compensation for both financial and emotional damage due to a data breach. Evidence is required for both in the form of medical proof of psychiatric distress and lost monies, but it is absolutely possible to have these amounts properly calculated to reflect your suffering.
Can I Claim Compensation If Affected By A Data Breach?
Companies at fault may offer to pay you compensation for the breach without you needing to involve the ICO. You do not need to involve them, but it can strengthen your case if you’ve asked them to intervene. It’s possible to claim against an individual or a company in the private or public sector.
Anyone can launch their own claim for compensation but the legal jargon and time demands required to get your case right can be too much for most people. Because of this, you may want to consider involving the ICO or speaking to a data breach solicitor to take up your case.
How To Sue For A Breach Of The GDPR
At Legal Helpline we understand that it can seem daunting taking on a big corporation or agency and accusing them of bad practices. GDPR and the ICO seek to uphold the rights of the individual to make a formal claim for compensation if the new laws are not followed.
You have a legal right to make a claim if you have been harmed in this way. With the supporting information, your claim stands a good chance of being upheld and it could stop you from being penalised with debt and stress you did nothing to create or deserve.
The Judicial College Guidelines is a publication that lists suggested compensation award amounts for people who have suffered injury through no fault of their own. Since the change in the law that states GDPR data breach compensation can be sought for emotional distress alone, it is now possible for data breach lawyers to evaluate on this basis. The table below shows what awards are recommended for the pain, suffering and anguish certain medical conditions can create:
| Injury | Effects | Suggested Award |
|---|---|---|
| Psychiatric damage - severe | Extreme and lasting problems chronically affecting many areas of life. | £54,830 to £115,730 |
| Psychiatric damage - moderately severe | Significant problems like stress and trouble working or sleeping. | £19,070 to £54,830 |
| Psychiatric damage - less severe | The effect on daily activities and sleep will be taken into account. | £1,540 to £5,860 |
| PTSD - severe | Inability to function at work or in life as normal. | £59,860 to £100,670 |
| PTSD - moderately severe | Recovery possible but disabilities for foreseeable future with prognosis of some recovery with professional help. | £23,150 to £59,860 |
| PTSD - moderate | Largely recovered but some lingering and persisting symptoms, even with therapy. | £8,180 to £23,150 |
| PTSD - less severe | Minor symptoms but mostly recovered within 2 years. | £3,950 to £8,180 |
Combined, these amounts can greatly boost a GDPR data breach compensation total. To receive a more specific valuation relevant to your case, please get in touch with our team.
When it comes to GDPR data breach compensation claims there are two types of damage described as ‘material’ and ‘non-material’. Both require evidence.
Material damage is evidenced by the tangible paper trail that proves you needed to outlay money in order to cope with the effects of the data breach. It could also prove that there were sudden and unusual amounts of money going missing from your account as a consequence of theft and fraud. It can also cover any harm to credit ratings. Your bank or the agency should certainly help provide details here. It’s in their best interests also to get to the bottom of the data breach and the problems it has caused.
Non-Material Damage
Non-material compensation refers to the damages you could receive for mental distress. As our table above illustrates, it is entirely plausible to suffer acute emotional and psychological harm from the worry of sudden money loss or identity violation. Often people tend to dismiss these effects, imagining that they should ‘get on with it’ and focus on the monetary loss caused by a data breach. But these consequences are just as serious, more so in many cases. If you suffered mental problems such as:
- Insomnia or disturbed sleep
- Anxiety or panic attacks
- Phobia or sudden extremes of mood
- PTSD (Post-traumatic stress disorder)
- Suicidal thoughts
It’s important to remember they could all have an award amount attributed to them. These are very serious impacts on your health and wellbeing. If they were caused by the failure of another to properly practise GDPR guidelines, they may have been avoidable, too. Start your claim today at Legal Helpline and begin to put it right.
When you consider starting a GDPR data breach compensation claim, there is a procedure to follow for the best results. Firstly, you should raise your concerns about a data breach to the person or company in question. You may hear about the breach from other sources like a news outlet or from a friend.
The company should report the breach to you within 72 hours but it’s not impossible that you could notice something strange first, such as money disappearing or a sudden up-curve in cold calls and spam email.
Next, you should ensure that there is a meaningful response from that company within a three-month period. If you fail to hear from them, you can involve the ICO, who will enforce a response if they take the case up. At this point, it can also be wise to start to assemble proof of how the data breach has impacted your life. As we discussed above, the key to successfully claiming data breach compensation is your ability to demonstrate how the breach harmed your finances and your health.
Finally, you may want to start a claim with a No Win No Fee data breach solicitor. We discuss the exact advantages of No Win No Fee arrangements below, but it can be useful to get a lawyer on your side to help calculate compensation properly.
Often in data breach cases, the theft and bank charges can carry on for some time after being discovered. Your claim can only be made once so it’s essential to include all the possible charges and fees you may incur from the data breach. It could be your only chance to get them back.
No Win No Fee arrangements can help give you access to justice. There are many benefits to using the services of a data breach solicitor in this way and at Legal Helpline we can introduce you to some with over three decades of experience. When you sign a No Win No Fee agreement (or Conditional Fee Agreement) you can:
- Start a claim well within the 6-year time limit (1 year for cases that involve human rights) for data breach cases at no upfront cost
- Use the services of your lawyer throughout the claims process with still no charge
- Pay nothing to your lawyer if your case does not succeed
- The data breach lawyer will advise right at the start how viable your case is, so no time wasting
- They also have a committed interest in giving your case their full attention as their fee comes from a successful result also
- If your case wins you only need to pay a small percentage to the data breach solicitor as their fee to help cover their costs
No Win No Fee is fast, cost-effective and professional. With the reduced financial risk to you, it can be possible to take on the huge multi-national or government agency that breached your data. You can hold them to account for their sloppy handling of your private information.
We hope that this article has helped in your decision to start a GDPR data breach compensation claim. Help is out there to reclaim your lost money and restore your peace of mind. Legal Helpline can offer you an introduction to data breach solicitors from our panel who can really help put this nightmare behind you. Simply:
- Call our friendly team available right now on 0161 696 9685
- Write or email at Legal Helpline
- Use the ‘live support’ option for immediate help
How do I know I’ve been breached?
Obviously, we can tell if there are strange deductions happening in our bank accounts. But GDPR breaches can involve more subtle problems such as spam emails and unwanted text alerts. Also, domain name attacks may mean websites are suddenly unsafe for you.
What happens if you breach GDPR?
You can face a penalty or exposure to claims for compensation. There is extensive advice online about what you need to do as a company or an individual to protect the personal information of others.
In addition to the topics discussed, you can refer here for advice on how to use cybersecurity to protect your data. Support for cybercrime victims is available here and also you can read more information on data matters from the ICO here.
Thank you for reading our guide to GDPR data breach compensation claims.