My Data Privacy Was Breached By H&M, Could I Claim Compensation?
This is a guide about what evidence could justify data protection breach claims against H&M. When you share your personal data with a business, whether that is your contact information, login details or your banking information, you are placing trust in them to make sure that it is held securely. This protection of personal data has to be upheld by law.
If a company fails to protect your personal information, then not only could they be found to have broken the law and made to pay a fine, but you also could be entitled to make a compensation claim against them. However, you would need to prove that a data breach caused you to suffer financial loss or psychological harm.
In this guide, we look at how you could seek compensation if you have evidence of a valid claim. We recommend you read through it if you are wondering whether or not you could be entitled to compensation and if so, what you could do about it. It will also try to answer questions you might have about how data breaches occur and what your rights are in regards to your personal information.
If you want to speak to our team for some advice about anything raised in this article, get in touch.
You can make an online enquiry to request a phone call from one of our advisors, or you could send us a message through our chatbox feature. (You may have already seen the chatbox in the bottom corner of your screen.) Or, you could ring us on 0161 696 9685 for free legal advice with no obligation to proceed with the services of our panel of solicitors.
Select A Section
- A Guide On Data Protection Breach Claims Against H&M
- What Are Data Protection Breach Claims Against H&M?
- How Does The GDPR Affect Third-Party Data Sharing?
- What Happened In The H&M Data Breach?
- Calculating Compensation For Data Protection Breach Claims Against H&M
- Types Of Compensation Awarded After Employment Data Breaches
- How To Report An Employer To The Information Commissioner’s Office
- Make A Data Protection Breach Claim Against H&M With A No Win No Fee Solicitor
- How A Data Breach Protection Lawyer Could Help You
- How Victims Of An Employment Data Breach Could Start Their Claim
- Speak To A Solicitor
- FAQs On Employer Data Breach Claims
- Where To Learn More
If you have been affected by a data breach as a customer or as an employee of H&M, you could be entitled to make a compensation claim. But in order to do this, you will have to have to prove you suffered financially or psychologically because of the data breach.
This guide will explore:
- Data breach protection law
- How data breach compensation claims work
- How data breach specialist solicitors can help.
Throughout this guide, you will see links to other pages on this website, as well as links to other websites. You will see FAQs about data breach compensation claims. There is also a compensation calculator table that outlines the amounts of compensation that you could be entitled to claim.
But first, it’s useful to know some essential definitions:
- Data controller: Usually an organisation, they decide how and why they need to process personal information.
- Data subject: The individual whose personal data is processed by the data controller.
- And the data processor: Sometimes a data controller uses a data processor (such as an agency) to process personal data on their behalf.
If there is anything that is covered in this guide that you want to know more about, then please contact us for a free consultation.
A data breach is a situation in which the security and privacy of your personal information, required by law, are breached. It could lead to your personal data being accessed by unauthorised parties and/or misused. This could happen either accidentally or through deliberate actions.
Because of the dangers inherent in having your personal information exposed in this manner, it could be classed as a breach of data protection laws (explained in further detail in the section below).
A breach of your personal data could leave the company liable to a fine as well as to data breach compensation claims.
In a data breach claim, the claimant and their solicitor (if they choose to use the services of one) essentially seek compensation to cover the damage and harm caused by the data breach. This damage may be psychological, such as anxiety. It may also be financial. For example, the leaking of bank details may lead to theft.
During a data protection beach claim, you would use need to evidence the harm you’ve suffered.
The use of your personal data by a third party you have shared it with is strictly regulated by the General Data Protection Regulation (GDPR). This is EU legislation that was enacted into UK law through the Data Protection Act 2018.
These laws are intended to make sure that the way in which a company manages personal data is secure and safe. Breaking these laws could result in a fine, as well as liability for compensation claims.
The outlines of the regulations set out in data protection law are as follows:
- Only lawful, fair, and transparent methods of gathering data may be used.
- Only the data necessary for the expressed purposes of collecting data may be used.
- Data controllers shouldn’t use an excessive amount of personal data. They should only use what’s required for their purposes.
- Personal information shouldn’t be stored for longer than it’s needed.
- Data should be accurate and up to date where possible.
- Data must be held securely to prevent unauthorised access.
- The data controller or processor should be responsible for what they do with the data.
In October 2020, H&M was the subject of the second-largest fine ever handed down for breaches of GDPR security to a single company. A German data protection watchdog handed down a fine worth just over £32 million following a year-long investigation into the companies’ activities.
It was found that employees at an H&M service centre in Nuremberg had been subject to extensive record gathering by their employer. Information about employees’ medical records, holiday schedules, as well as private information like religious beliefs and family situations, were gathered and stored by management within the company and used in employment decisions and performance assessments.
The investigation also found that managers had been taking down records of information disclosed in informal chats between employees as part of this process.
Authorities gave H&M a very large fine as a deterrent to prevent other employers from committing similar breaches of data privacy in the future. H&M offered an unreserved apology for the data breach. You can find out more about this case at the following link.
If you have evidence of a valid claim, you are probably already giving some thought to the amount of compensation you could be entitled to claim. We know that this may be a pressing issue for you, and it may influence your decision to make a claim or not.
Initially, we can’t give you an exact figure, because it is unique to each case, but we can help you to start to get a rough figure. We can explain the process of working out the amount of compensation you could claim.
To start with, some of your compensation could be awarded to reflect the harm that having a data breach can do to your mental health. Mental health difficulties can often stem from a data breach. For example, you may experience stress and anxiety caused by the fear of what might happen as a result of the breach.
You could be left with sleeplessness, panic attacks, and severe distress because of the possibility that your personal details could be used to commit theft, fraud, harassment, or real-life physical harm.
Compensation For Data Breach Claims
Compensation can be awarded for these issues, even if no other harm ultimately occurs as a result of the breach. This is because of the legal case Vidal-Hall and others v Google Inc . The Court of Appeal held that the mental health impact alone of a data breach can entitle a victim to claim compensation.
Before this case, you couldn’t claim compensation for psychological harm alone. You had to have suffered financially too. Moreover, the Court held that you could be compensated for mental injuries as you would be for personal injury claims.
The amount you could receive for mental health harm depends on the exact situation. It would be calculated to match the relative severity of your injuries. You can see in the compensation table below recommended brackets for compensation for mental health issues.
These figures are found in the Judicial College Guidelines (JCG). This is a publication that lawyers may use to help them when valuing different injuries.
|Severe psychiatric damage||£51,460 to £108,620|
|Moderately severe psychiatric damage||£17,900 to £51,460|
|Moderate psychiatric damage||£5,500 to £17,900|
|Less severe psychiatric damage||Up to £5,500|
|Less severe PTSD||£56,180 to £94,470|
|Moderately severe PTSD||£21,730 to £56,180|
|Moderate PTSD||£7,680 to £21,730|
|Less severe PTSD||Up to £7,680|
If you can’t place your condition in the compensation table, don’t worry. Call our advisors for a free, accurate estimate.
Another type of compensation you could be entitled to claim is known as material damages. This is compensation for the financial loss that the data breach causes. This can include any financial losses caused by identity theft, fraud, loss of work, or damage to your credit rating (for example) that result from the data breach.
In order to claim these losses as part of your compensation, you will need to provide proof. This proof can come in the form of financial documentation relating to these losses, such as communication with your bank, bank statements, receipts and invoices.
Without this supporting evidence, compensation for your losses cannot be validly calculated. You can talk to our advisors about how a data protection lawyer could help you to put together this evidence.
If you wish to report a data breach to the Information Commissioner’s Office, you can make a complaint. The ICO is an official regulator of data protection in the UK. This means that if you make a complaint, the office can carry out a full investigation into the situation. And if they find that there has been wrongdoing in regards to your personal data security, they could impose a fine on the company responsible.
If you want to make an ICO complaint, you should begin it within three months of the last time you communicated with your employer about the issue. The ICO’s decision may be affected if you wait longer than this.
It’s important to note that the ICO can’t directly help you claim compensation. However, you could claim alone or with the help of a solicitor. If you have evidence of a valid claim, get in touch because our advisors could connect you with our panel of lawyers.
For more information about data protection breach claims against H&M, please call our advisors today.
Making a compensation claim, like any kind of legal action, means that you may want to hire a lawyer to help you. The services of this lawyer will have to be paid for in some way or another. In some cases, a lawyer could be paid for simply by providing a lump sum upfront payment. But this might not be the best way of making a claim for everyone for a number of reasons:
- Firstly, not everyone will have the money needed to make this payment, especially if they have been the victim of theft or fraud.
- Secondly, lots of potential claimants may see this as a financial risk where they have to win the claim in order to avoid losing money to solicitor fees. Others may feel that the amount of compensation that they could be entitled to claim would not justify the amount they would have to spend on funding a solicitor in the first place.
There is a method to making a compensation claim that can do a lot to reduce this element of risk. It’s known as a No Win No Fee agreement. This is a type of agreement that you can make with your solicitor.
Essentially, you would only pay the solicitor’s fees if the claim wins. You’d pay a ‘success fee’, which is a small percentage of the compensation you receive. The No Win No Fee agreement itself would outline the percentage before you sign so that you’re aware of it. Plus, under law, the fee is capped.
You also won’t have to pay upfront or ongoing fees. You’d only pay after the compensation comes through.
For more details about No Win No Fee agreements, you can call our team.
A data breach lawyer can be extremely useful when making a data breach claim. They have the training, knowledge, and experience to try and ensure that you are able to make a successful claim. Plus, they can accurately value your claim.
It is also vital that you are able to work with a data breach solicitor who can be easily accessed and communicated with, and who is not going to charge you an amount that makes your claim financially risky.
Our panel of lawyers offers No Win No Fee agreements. And, they can work for you from anywhere in the country through any method you prefer, including emails, phone calls, and video calls.
Before you make a compensation claim, you may wish to report the breach to the data protection officer of H&M, or another relevant party. The data protection officer of the company that you have experienced a data breach with could provide you with an explanation and an apology. That could leave you feeling as though the situation has been resolved. If not, the record of you attempting to mediate the issue could help support your claim.
Your next step then could be to make a complaint to the ICO, depending on the outcome. You could then come to us, or just simply come straight to us instead of making an ICO complaint in the first place.
If you have a conversation with one of our advisors, they will explain your options to you. They can assess whether or not you could have the right to make a compensation claim. They could also give you a rough estimate of the amount you could claim.
We’ve almost come to the end of this guide on data protection breach claims against H&M. If you have evidence of a valid claim, you may be considering your next steps.
Get in touch to speak about making a claim with one of the solicitors on our panel. Or, if you aren’t sure yet, you can ask to speak to an advisor and get a friendly consultation about any of your concerns or questions about making a claim.
- Make an online enquiry to request a phone call from one of our advisors at a time that’s convenient for you.
- Send us a message through our chatbox feature, the one that you will have already seen pop up at the bottom of your screen.
- Ring us on 0161 696 9685 to chat with an advisor.
What happens if you breach GDPR at work?
If you are responsible for a breach of the GDPR at work, then you must report the breach to the relevant party. This may be one of your company’s data protection officers.
Can I sue my employer for a data breach?
If your employer has caused a data breach and your personal data was affected, then you could be entitled to bring a data breach compensation claim against them. However, you should be ready to prove that you suffered financially or psychologically because of the breach.
What are my rights if my data has been breached?
If your personal data privacy has been breached, then you have the right to make a complaint to the business or organisation responsible. You could have the right to make an ICO complaint, and you could have the right to make a compensation claim as well (if you suffered financial loss or mental harm).
Can you get sacked for breaching data protection?
Employers have different policies on what can constitute actions that lead to a dismissal. You may want to get in touch with your HR department or speak to your manager to see what the consequences of a data breach at work might entail.
Thank you for reading our guide regarding data protection breach claims against H&M.
Written by JY
Edited by RV