What To Do If You Receive A Data Breach Notice Letter

If you have received a UK GDPR data breach notice letter, you may be wondering what steps you can take next. This article will explain why you could receive a notice letter, what a personal data breach is, and who could be eligible to make a claim.

We will also elaborate on what personal data could have been involved, the evidence you can gather to support your claim and how much compensation you may be eligible to receive. Lastly, we will explain how our panel of No Win No Fee lawyers can help you begin the legal process.

Should you have any further questions, you can contact our advisors for some free, relevant legal advice. They can give guidance on the validity of your claim and may be able to connect you with one of the solicitors from our panel. Contact our advisors today by:

a data breach severity gauge showing the level to be maximum

I Received A UK GDPR Data Breach Notice Letter, Can I Claim?

Select A Section

  1. What Is A UK GDPR Data Breach Notice Letter?
  2. Why Could You Have Received A UK GDPR Data Breach Notice Letter?
  3. Data Which May Have Been Impacted
  4. What Other Evidence Could Help Prove Your Claim?
  5. What Could You Claim If You Received A UK GDPR Data Breach Notice Letter?
  6. Contact Us If You Received A UK GDPR Data Breach Notice Letter

What Is A UK GDPR Data Breach Notice Letter?

 The UK General Data Protection Regulation (UK GDPR), in conjunction with the Data Protection Act 2018 (DPA), are the pieces of legislation setting out data protection relgulations for the UK. They set out how organisations need to act to safeguard personal data. 

If your personal data has been involved in a breach, the organisation responsible may send you a notification letter. By law, you must be notified of a breach that affects your rights or freedoms without any undue delay. However, you may still receive a letter even if this isn’t the case.

A personal data breach is defined by the UK GDPR as a security incident compromising your data, resulting in unlawful or accidental loss or alteration, destruction or disclosure to or access by an unauthorised party. 

The entities that decide how and why personal data is processed are called controllers. Data processors might be enlisted to process your data on behalf of the controller. Both of these organisations have a responsibility to adhere to data protection legislation. 

For more information on what a UK GDPR data breach notice letter could mean for you, contact our advisors. They could advise you whether you have a valid claim.

Why Could You Have Received A UK GDPR Data Breach Notice Letter?

If you receive a UK GDPR data breach notice letter, this means your personal data has been involved in a breach. However, not all instances of a data breach will form the basis of a successful claim. This is because the breach must be a result of the organisation’s failings in order for you to be eligible to claim. If the controller or processor did everything they could to safeguard your data, but a breach happened despite this, you would not be entitled to claim.

Also, you must suffer financial and/or psychological harm. If you were not affected by the breach of your personal data in this way, you’d be unable to claim. 

Some scenarios in which a personal data breach could happen as a result of an organisation’s failings include:

  • Sending personal data to the wrong person or address despite having the correct information on file
  • Leaving an unencrypted laptop containing personal data on public transport
  • Publishing a report containing personal data without redacting information

Contact our advisors today to find out what steps you can take if you have received a UK GDPR data breach notice letter. 

Data Which May Have Been Impacted

If you have received a UK GDPR data breach notice letter, you might be wondering what data could have been affected. The UK GDPR protects information that can identify an individual, whether alone or when combined with other information; this is the definition of personal data. This can include:

  • Your name, phone number, or home address
  • Email address
  • Date of birth
  • Banking details, such as credit or debit card numbers, sort codes, and account numbers

There is also a subcategory of personal data called special category data that requires extra protection under data protection law, because of the potential it has to cause harm if involved in a breach. Some examples of special category data include personal data relating to your:

  • Race and ethnicity
  • Trade Union membership
  • Health
  • Sexual orientation

Our advisors can provide free legal advice and more help with your potential personal data breach claim when you get in touch today. They will be happy to answer any questions you have. 

What Other Evidence Could Help Prove Your Claim?

In order to make a claim for a personal data breach, you must demonstrate that the breach occurred as a result of the data controller or processor’s wrongful conduct. For example, you may show they did not take all the appropriate steps to ensure an individual’s data was as secure as possible in their care. 

You could report a breach to the ICO if you’re unhappy with how they have handled the situation; you should do this within three months of the last meaningful communication you had with them. They can not provide compensation. However, they may choose to investigate the breach. If the organisation is found to be in breach of data protection legislation, it may be fined.

Keeping evidence of harm you suffer as a result of the breach can also help your claim. For example, a medical report stating that you have suffered a psychological injury, or bank statements that prove financial harm.

A solicitor from our panel could help you gather evidence to support your claim. Contact our team to learn more.

What Could You Claim If You Received A UK GDPR Data Breach Notice Letter?

Compensation for data breaches consists of two parts, also known as:

  • Material damage – Where you suffered financial losses, including fraudulent loan applications, credit card theft, unlawful money bank withdrawals 
  • Non-material damage – The psychological injuries sustained due to the breach. These can include stress, depression, post-traumatic stress disorder (PTSD) and paranoia. 

There are no average payouts for personal data breach claims because compensation is calculated depending on the unique circumstances of the claim. However, you can get an idea of your potential compensation by checking the 2022 edition of the Judicial College Guidelines (JCG). The table below shows some examples of guideline compensation brackets for mental health injuries.

Severe general psychological harm (a)£54,830 to £115,730The injured person has problems with daily life and relationships. The award received depends on the treatment sought, its success, prognosis and future vulnerabilities.
Moderately severe general psychological harm (b)£19,070 to £54,830A more optimistic prognosis than above; however, there are still significant problems affecting the same factors as in more serious cases.
Moderate general psychological harm (c)£5,860 to £19,070Some problems still persist, however, the prognosis is better than in more serious cases.
Less severe general psychological harm (d)£1,540 to £5,860The award considers the disability period and how much it has affected daily lifestyle and sleep.
Severe anxiety disorder (a)£59,860 to £100,670Where the injured person could be permanently unable to work or function at a level close to pre-trauma.
Moderately severe anxiety disorder (b)£23,150 to £59,860Recovery is possible with professional assistance, but future significant disabilities are still likely.
Moderate anxiety disorder (c)£8,180 to £23,150Some recovery has taken place with only effects that aren't grossly disabling continuing.
Less severe anxiety disorder (d)£3,950 to £8,180Over one to two years, the injured person will have undertaken a virtually full recovery with very minor persisting symptoms.

Since Vidal-Hall and Others v Google Inc [2015], the Court of Appeal ruled that you no longer need to claim for material damage when claiming for non-material damage. Now, non-material damage can be claimed alone or in tandem with material damages.

For a free estimate of what your claim could be worth, contact our team of advisors today.

Contact Us If You Received A UK GDPR Data Breach Notice Letter

If you received a UK GDPR breach notice letter and intend to pursue a claim, then we recommend contacting our advisors to ensure you have a legitimate case. If they find you have a valid claim, they may pass you on to our panel of expert solicitors. 

Our Conditional Fee Agreement (CFA) solicitors offer legal representation with no upfront fees. A CFA solicitor will receive their payment through a success fee which they only take if you are awarded a settlement. This fee is a legally-capped percentage of your compensation they take to cover the costs they have accrued over the course of your claim.

Contact our advisors and possibly our panel of lawyers by:

Articles Related To This Guide

Please see our other useful data breach guides:

Or, refer to the informative external links provided:

Contact our advisors today for more information if you received A UK GDPR data breach notice letter.

Written by JE

Edited by CH/FS