Boots GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By Boots, Could I Claim Compensation?

This guide considers what you could do after a potential data breach by Boots.

Having your personal data privacy breached can be a stressful experience, impacting your mental health and feelings of safety and security. It can also have financial ramifications, with some victims of data breaches being put at risk of identity theft or different types of fraud.

Boots data breach compensation claims guideData protection laws exist, in part, to protect you from data breach incidents. Companies that neglect to follow these laws can be subject to fines.

However, not every data breach is caused by a company’s failings. They may have done everything they can to protect personal data and a breach occurs anyway.

But if a company’s positive wrongful conduct causes a data breach, it could be viewed differently. If the people whose personal data is affected suffer mental harm or financial loss because of the data breach, they could claim.

This guide is a guide to making compensation claims for data breaches. We invite you to read through it and obtain useful information. However, it isn’t the only source of help that we can offer you. We can also give you a free consultation through our advisors. If you have evidence of a justifiable claim, our advisors could connect you with our panel of solicitors.

To reach our advisors, call 0161 696 9685. Alternatively, send a message through the pop-up chat box for instant online contact.

Select A Section

  1. A Guide On Compensation Claims For A Data Breach By Boots
  2. What Are Data Breach Claims Against Boots?
  3. How Does The GDPR Affect Data Sharing With Third Parties?
  4. The Boots Advantage Card Cyber Attack
  5. Calculating Compensation Claims For A Data Breach By Boots
  6. Types Of Damages Awarded For Breaches Of Data Protection
  7. Could I Get Help From The Information Commissioner?
  8. No Win No Fee Compensation Claims For A Data Breach By Boots
  9. How To Get Free Advice From A Data Breach Solicitor
  10. How A Data Breach Victim Can Start A Claim
  11. Speak To A Solicitor
  12. FAQs On Data Breach Claims
  13. Where To Learn More

A Guide On Compensation Claims For A Data Breach By Boots

We have put this guide together to act as an introduction to making compensation claims. This guide will explain what claims are and how personal data privacy works. Consequently, we hope you can understand whether or not your situation is one that could be grounds for making a compensation claim.

This guide will also go over some of the details of how the process of making a claim works. Additionally, we explain the role of the Information Commissioner’s Office (ICO) in data protection.

We will also go over some of the details of what kind of compensation you could be entitled to claim. In addition, we consider how the amount of compensation is calculated, what a data breach solicitor actually does, and how you could benefit from working with our panel of lawyers.

If you want more information about anything you have read in this guide, why not contact our advisors? They give free legal advice and are available 24/7.

What Are Data Breach Claims Against Boots?

A personal data breach is a situation that starts with a breach of security. This leads to data being unlawfully lost, disclosed, accessed, altered or destroyed. It can be accidentally or deliberately done.

There are a number of different ways in which a data breach could occur and a number of different consequences. Data breaches can occur because of a deliberate disregard for data protection laws as well as through simple human error.

Below is a list of some examples of the different circumstances in which data breaches could occur.

  • Sharing of personal data with other third parties who aren’t authorised to see it and there isn’t a lawful basis to do so.
  • A letter containing personal information is sent to an incorrect address, despite the correct address being on file. The unauthorised recipient then accesses the personal information.
  • Failure to provide adequate cyber-security to prevent cyber-criminals from accessing personal data records through cyberattacks.

There are certain circumstances under which you could be entitled to claim compensation. Not every data breach will be caused by a company’s failings. However, the company’s positive wrongful conduct might lead to a data breach.

For example, if the company didn’t install cybersecurity, and a data breach occurred, the company could be seen as liable. Those whose personal data was affected by the breach could suffer psychological or financial harm. If they can prove this, they could claim.

How Does The GDPR Affect Data Sharing With Third Parties?

The EU GDPR is the General Data Protection Regulation. It is EU law. In order to have the principles of the GDPR in UK law, the Government enacted the Data Protection Act 2018. It sits alongside the UK GDPR.

The 7 principles are listed below.

  1. Collecting and processing people’s personal data has to be done transparently, fairly and lawfully.
  2. The personal data being collected can only be used for the purposes that were outlined when it was requested. However, sometimes organisations can share personal data without your consent.
  3. Only the type of data that is needed for fulfilling the purposes stated when the data was requested can be used.
  4. The data has to be destroyed once it is no longer needed.
  5. The data should be kept up to date and be accurate.
  6. Appropriate steps have to be taken to make sure that the data is secure.
  7. The company collecting or processing the personal data has to prove that they have taken measures to ensure that all of the above principles have been put in place. They should have accountability.

If you want more details about how the UK GDPR works, you can read this ICO guide.

The Boots Advantage Card Cyber Attack

One example of how a data breach could occur that concerns Boots could be the incident from 2020. Boots’ systems had not been compromised, but hackers had tried to access accounts using passwords taken from other sites. Under 150,000 Boots Advantage Cards users were affected.

Boots temporarily suspended the use of the Advantage Card service. Additionally, they advised customers whose accounts were potentially affected.

The breach could have been the result of a ‘password stuffing’. Password stuffing is a technique that cyber attackers use to try to access data. It involves using the passwords and login details obtained from prior data breaches to access personal data held on other websites and systems.

It works on the basis that many people use the same passwords for multiple different accounts for convenience’s sake. This means that there is a chance that once one account is breached, its details could be used to access others.


In addition to this instance, an information request to the ICO showed that the ICO had dealt with 38 cases of data security complaints made against Boots between 2014 and 2017.

Calculating Compensation Claims For A Data Breach By Boots

Calculating the compensation amount you could be entitled to claim for a data breach involves working out how badly impacted you were by the breach and assigning a financial value to it.

In a data breach claim, you could be entitled to claim compensation for the emotional distress or psychological harm a data breach causes you.

In the case Vidal-Hall and others v Google Inc [2015], it was established that claimants could seek compensation for mental harm caused by a data breach, even if there was no financial loss. Additionally, this compensation could be valued as it would be in a personal injury claim.

In the compensation table below you can see some of the figures from the Judicial College Guidelines. These figures are recommendations on what could be awarded for certain injuries. They do not represent the final total amount of compensation you could be awarded.

Severe psychiatric damage£51,460 to £108,620
Moderately severe psychiatric damage£17,900 to £51,460
Moderate psychiatric damage£5,500 to £17,900
Less severe PTSD£56,180 to £94,470
Moderately severe PTSD£21,730 to £56,180
Moderate PTSD£7,680 to £21,730
Less severe PTSDUp to £7,680

As part of the data breach claim, you would be required to attend a medical assessment. The reason for this is to:

  1. Prove that your injuries were caused or exacerbated by the data breach.
  2. Assess the severity of your injuries.

An independent medical professional would assess your injuries and create a report. Should you use the services of a solicitor, they’d use that report to help them when valuing your injuries.

For further details of assessing how much compensation you could claim, call our advisors. They offer free, accurate estimates.

Types Of Damages Awarded For Breaches Of Data Protection

In the above section, we only addressed one type of damages you could be awarded for a successful data breach claim. That’s the damages you could be awarded for the mental harm a data breach causes (non-material damages).

The other type of damages you could claim is material damages. This is compensation for the financial loss a data breach causes you to endure.

The scale and long-term ramifications of a data breach can be serious. If banking details are breached, then potentially your savings could be stolen or used to make fraudulent purchases. Your credit cards could be maxed out. The harm done to your finances by a data breach could affect your credit rating, resulting in you being denied loans or mortgages in the future.

In order to claim compensation for financial losses, you will have to prove that these damages occurred and were caused by the breach. Documents you would use as proof include bank statements, bills and credit scores.

If you want advice about putting together evidence for material damages, you can call our advisors.

Could I Get Help From The Information Commissioner?

Before you start a claim, you could make a complaint to the ICO. The ICO is the Information Commissioner’s Office. This is an independent body that is responsible for enforcing data protection law.

You could make a complaint to the ICO If you believe that a data breach has occurred. But first, you’d need to contact the company involved. If more than three months have elapsed since you last were in meaningful contact with the company about the issue, then the ICO may decline to follow up on your case. Therefore, it is best that you make the report sooner rather than later.

As a regulator, the ICO can investigate a complaint, and hand down a fine to the organisation if they find that a breach has occurred for which the company is responsible.

You can use this page to make a report to the ICO.

However, remember that the ICO can’t issue you compensation. You could make a claim in order to get compensation. Therefore, contact our advisors to discuss your options when it comes to making a compensation claim.

No Win No Fee Compensation Claims For A Data Breach By Boots

If you are worried about how to fund a solicitor, then we can help. We recommend working with our panel of lawyers to make your claim. That’s because our panel works on a No Win No Fee basis.

No Win No Fee means that you only have to pay for the services of a lawyer after the case is completed if you win. Furthermore, in a No Win No Fee agreement, you and your data protection solicitor agree to the success fee. This is the fee your solicitor receives in the event of a successful claim. It’s a small percentage of the compensation. Plus, it’s capped by law.

If the claim doesn’t win, you don’t have to pay the solicitor’s fee. Plus, there are no upfront or ongoing solicitor fees.

A No Win No Fee agreement can be a positive sign that your lawyer is confident in your claim’s chances of success. For more details of how a No Win No Fee claim works, contact our advice team.

How To Get Free Advice From A Data Breach Solicitor

If you would like to seek out a data breach solicitor, then the first thing you could do is to look at reviews of solicitors that have been posted online. The opinions of people who have worked with those solicitors before can be of great use.

They don’t just tell you how successful these lawyers have been with their previous clients, they also tell you a lot about:

  • How easy they are to work with
  • Whether or not they are friendly
  • How well they communicate with their clients
  • Whether or not they left their clients satisfied

If you need help finding the right solicitor, contact our advisors. They can offer you advice and point you in the direction of one of the data security solicitors on our panel.

Don’t worry about the location of your solicitor; our panel of solicitors can work on claims from anywhere in the country. Plus, our panel offers their services on a No Win No Fee basis.

How A Data Breach Victim Can Start A Claim

If you want to take action over a data breach, one of the first things you can do is make a complaint directly to the organisation that you believe to be responsible for it. They may have dedicated data protection officers responsible for handling these sorts of matters.

A direct complaint gives you and the company the opportunity to resolve the matter between yourselves. However, if this does not resolve the issue then you can try and make a report to the ICO.

If you have evidence of a valid claim and are wondering about compensation, why not take up the matter with us? The first step is to contact our advisors and discuss your situation with them. They can offer you a consultation about your prospects of making a claim successfully and connect you with one of the lawyers on our panel if you wish to go forward with the claim.

Speak To A Solicitor

We hope you’ve found this guide on the concept of a potential data breach by Boots helpful. If you want to reach our advisors, then below are the ways you could do it.

FAQs On Data Breach Claims

How much compensation can you get for a data breach?

The amount of compensation you could receive for a data breach depends on different factors including the severity of the situation you have faced. For an assessment of what you could be entitled to receive, contact our legal advice team.

Can I get compensation for a data protection breach?

If a company’s failings have caused a personal data breach and your personal information was involved, it could cause you to suffer financial loss or psychological harm. If you can prove this, you could claim compensation. Additionally, a data breach lawyer could help you. Contact us today to find out if you could be entitled to claim compensation.

Can I sue a company for a data breach?

If a data breach (caused by a company’s positive wrongful conduct) has resulted in your financial loss or mental harm, you could claim compensation. Call us today for a free consultation on making a claim.

What is the punishment for breaking the Data Protection Act?

A person or an organisation that has been found to have breached the Data Protection Act 2018 could potentially face a fine.

Where To Learn More

The following pages have information that could be useful.

My Employer Breached The Data Protection Act, What Are My Rights?

Pharmacy data breach compensation claims guide

Medical data breach compensation claims explained

Claims for data breaches in schools

Data protection: Government advice

Your data matters: ICO guidance

Meet the Information Commissioner

Thanks for reading our guide exploring what could happen after a potential data breach by Boots.

Written by JY 

Edited by RV