Ibis Hotels GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By Ibis Hotels, Could I Claim Compensation?

The personal data held by hotel chains could cause you significant issues if it falls into the wrong hands. For example, imagine what might happen if a criminal got hold of your name, address, payment card details and travel itinerary. Fortunately, the General Data Protection Regulation (or GDPR) means that data safety and security rules have been strengthened. If the type of data mentioned were to be leaked by a hotel data breach, you could suffer anxiety, distress and even financial losses. In this article, we are concentrating on data breach claims against Ibis Hotels. We will explain what could cause data breaches to happen and explain when you might be able to claim compensation for any harm that results.

Ibis Hotels data breach compensation claims guideFor anybody who is thinking about claiming, Legal Helpline is here to support you. We provide a free telephone review of your case and will give free legal advice about your options.

You won’t be under any obligation to make a claim, but we do have a panel of data breach lawyers who could help if your case is suitable. Furthermore, if they accept your case, you’ll receive legal representation on a No Win No Fee basis.

We can help you today if you’re ready to begin a claim for a hotel data breach. Our team can be reached on live chat or you can call 0161 696 9685. Our specialists offer free claims advice whether you decide to continue or not.

If you’d like more details about what constitutes a data breach and when it could result in a compensation claim, please read on.

Select A Section

A Guide On Data Protection Breach Claims Against Ibis Hotels

The GDPR is something most people will have heard of by now. It was introduced into UK law by the Data Protection Act 2018. The idea behind these laws is to offer individuals (data subjects) better control over how and when their personal data is used. According to the GDPR, any organisation (the data controller) that wishes to use and process personal data must have a lawful basis to do so. This can sometimes be achieved by informing you why your information is required and requesting your permission before using it.

If an organisation doesn’t adhere to the new laws or fails to keep personal information safe, then they might expect to be contacted by the Information Commissioner’s Office (ICO). Following an investigation, the ICO could enforce changes on how the company manages data security. They could also hand out a fine. However, the ICO will not issue any compensation to those harmed by a GDPR data breach. That is why you would need to make your own claim.

We should point out that time limits apply to data breach claims. Mostly, the limitation period is 6-years from the date you obtained knowledge of the breach. You may wish to check with one of our advisors, though, as claims linked to human rights breaches have a 1-year time limit.

Claims are possible for all sorts of data breaches. You are not limited to claiming for suffering caused by criminal activities. It is entirely possible to claim compensation for suffering resulting from a data breach that was caused by a simple mistake. For instance, if a USB stick containing your personal information was left on a train and you suffered damage as a result, a claim could be possible.

Please feel free to contact our team if you have any queries. We can answer any questions you may have and review whether your claim could result in compensation.

What Are Data Protection Breach Claims Against Ibis Hotels?

As data controllers, hotels need to take steps to secure any personal information they process. The definition of a data breach is where a security problem results in information about a data subject being lost, destroyed, disclosed, altered or accessed in a way that has not been authorised. Importantly, you could be compensated for any resulting harm whether the breach resulted from an accidental, deliberate or illegal act.

To be eligible to seek compensation, you must be able to prove that the breach took place and that it caused you to suffer damage. The forms of damage you could claim for include pain and suffering caused by psychiatric injures (anxiety, depression, distress) and financial losses.

The GDPR covers any data that might be used to help identify a data subject. That means your name, email address, mobile number and home address. Furthermore, data relating to your characteristics could help identify you indirectly, so this is also covered. Examples include ethnicity, disability, gender, age or marital status.

Finally, while it is quite normal to read about cyber attacks causing data breaches these days, they are not the only things you can claim for. Data recorded on physical documentation is also covered by the GDPR. Therefore, if a hotel were to dispose of printed records that contain personal data in an unsecured way (i.e. they were not shredded), a breach might’ve happened if those records end up in the public domain.

Third-Party Data Sharing Under The GDPR

Data sharing is a requirement for many functions these days. Without the ability to share information, hotels might struggle to function properly. For example, if you ask the hotel to book theatre tickets for you, they may need to share your name and telephone number.

While data sharing can be helpful, it is important that there is a lawful basis for doing so. For example, a hotel may need to tell you they are going to share your details in the example above and get your permission.

Even though these new laws exist, unauthorised data sharing still happens and it can cause disruption for the data subject. If you have suffered because your personal data has been shared without your consent, you could be entitled to seek compensation. Please call today and we’ll review your options for free.

What Penalties Can Be Imposed On Hotels By The Information Commissioner?

At the time of writing, there were no fines listed for Ibis Hotels listed on the ICO’s register of fines. A French subsidiary of Accor Hotels (who own Ibis) has been involved in a breach but that is outside of the ICO’s jurisdiction. Therefore, in this section, we’ll show details of a data breach by another hotel group that resulted in an £18.4 million fine.

Mariott Hotels took over another hotel chain, Starwood Hotels, in 2014. A failure to carry out proper due diligence checks on Starwood’s IT systems exposed the hotel chain to a flaw in their network security. As a result, hackers were able to infiltrate Marriott’s systems via Starwood’s, causing a massive data breach. Estimates suggest that hackers had access to some 339 million guest records. The data available to them included names, passport numbers, email addresses, phone numbers and arrival or departure details.

The ICO issued the fine because the exploit remained in place until it was spotted in September 2018. They did take into account that Marriott acted quickly once the incident was discovered and that they’d informed the ICO promptly.

Source: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/

Calculating Amounts Of Compensation For A Data Breach By A Hotel

In this section, we are going to take a look at how much compensation might be awarded in data protection breach claims. The compensation calculator table below shows figures for psychiatric damage and Post-Traumatic Stress Disorder (PTSD).

In an important hearing at the Court of Appeal (Vidal-Hall and others v Google Inc [2015]) two relevant decisions were made:

  1. It is possible to be compensated for injuries caused by a data breach in cases where no money has been lost.
  2. Compensation awards ought to be paid at the same level as used in personal injury law for damage such as distress, anxiety and depression.

For that reason, we have sourced data from the Judicial College Guidelines (JCG) to populate our table. The JCG is used in personal injury claims to help lawyers determine suitable compensation awards.

InjurySeverityCompensation RangeDetails
Psychiatric DamageFactors considered in these claims include: 1) How the claimant can cope with life and work; 2) The impact on personal relationships; 3) If treatment will help; 4) Future vulnerability; 5) Prognosis.
Severe£51,460 to £108,620
Moderately Severe£17,900 to £51,460
Modeate£5,500 to £17,900
Less SevereUp to £5,500
Post-Traumatic Stress DisorderSevere£56,180 to £94,470
Moderately Severe£21,730 to £56,180
Moderate£7,680 to £21,730
Less SevereUp to £7,680

As you may have noticed, the severity of any injury is an important factor when setting compensation amounts. Therefore, to help prove the extent of your suffering, you will need to have a medical assessment as part of the claims process. Our panel of lawyers will always try to book these locally to reduce the amount of travelling required.

Your appointment will be with an independent medical expert. They will consider your medical records and discuss your suffering with you. After the meeting has ended, a report will be compiled. This will explain the level of suffering already sustained and also a prognosis for the future.

To receive a more precise compensation estimate relevant to your circumstances, or to learn more about what else you can factor into a data breach claim, simply call our team on the number at the top of this page.

Material And Non-Material Damages Awarded To Data Breach Victims

When you claim for a GDPR data breach, it’s not just a matter of asking for a certain amount of money. You need to justify your request and provide evidence to explain the amount you are claiming. What makes these claims even harder is the fact that you may need to account for future suffering too.

One part of your claim may relate to material damages. That is compensation that aims to recover any costs or financial losses caused by the data breach. In addition to calculating losses you’ve already suffered, some cases might need to consider future losses too. For example, where your details are circulating in criminal circles on the dark web, you might continue to lose out financially until you manage to move your finances to new accounts.

Non-material damages claims cover any injuries you’ve suffered, such as distress, anxiety or PTSD. Consideration will first be given to any conditions that have already been diagnosed. After that, you might have to refer to your medical report, obtained as part of the data breach claim, and consider any suffering that could continue into the future.

As you can see, some data breach claims can become rather complex. Therefore, we advise that having a legal representative on your side could help. If you work with a data breach lawyer from our panel, they will assess your claim thoroughly before submitting it.

If you would like to know more about how we could help you, please call an advisor today.

How To Raise Your Complaint With The Information Commissioners’ Office

One route you may wish to take is to ask the ICO to conduct an investigation. Before doing so, they will expect you to have complained to the defendant. After you’ve received a response, you will need to follow any escalation routes before you speak with the ICO.

After you have escalated the complaint as far as it can go with the defendant, you can speak with the ICO if 3-months have passed since you heard anything. They may then choose to carry out an investigation. If data protection rules are proven to have been broken, the ICO could order changes and could fine the organisation in question. However, they will not offer you any form of compensation.

We can help if you wish to check your eligibility to claim for a hotel data breach. Our advisors will review your case for free and offer legal advice about your options. If your case is strong enough, we could appoint a lawyer from our panel to represent you.

Make A Data Protection Breach Claim Against Ibis Hotels With A No Win No Fee Solicitor

The thought of paying lawyers fees and then losing your case is enough to put many people off making a claim. But you could reduce your financial risks by using a No Win No Fee lawyer from our panel. By doing so, you’ll benefit from an experienced legal representative, but the process of claiming will be less stressful.

Lawyer’s can’t take on every claim though so they will have to review the validity of your claim before taking it on. If you’re both happy to work together, the lawyer will send you a Conditional Fee Agreement (CFA). This is the formal name for a No Win No Fee agreement and serves as your contract. The CFA will explain what conditions your lawyer will need to achieve before you have to pay them. Furthermore, it will show that:

  • Your lawyer won’t need to be paid upfront.
  • No lawyer’s fees will be charged to you during the claims process.
  • If your claim does not succeed, you will not have to pay any of your lawyer’s fees whatsoever.

Should your claim have a positive outcome, your lawyer will deduct a small and fixed percentage from your compensation. This is called a success fee. It is listed in the CFA so you will know what level you will pay before you sign up with the lawyer.

How A Data Protection Breach Solicitor Could Help You

Our advice regarding data breach claims is to take on specialist legal representation. That’s because we think it will offer you the best opportunity of receiving a fair compensation level. If a lawyer from our panel represents you, they will:

  • Take the time to review your case fully. This is so they can properly understand how you’ve been affected.
  • Help to gather the evidence required to support your allegations.
  • Arrange for you to attend a local medical assessment.
  • Gather all parts of your claim together and send it to the defendant.
  • Manage communication and deal with any objections from the defendant.
  • Aim to achieve the highest level of compensation possible in your case.

For more information on how we could help, please call today.

How To Get Compensation For A Data Breach By A Hotel

In this section, we will briefly reiterate what you should do if you’re thinking of claiming. The first step is to raise a formal complaint with Ibis Hotels. When you have received an answer, you should follow any escalation routes mentioned in their response letter.

If you are still not satisfied, and 3-months have gone by since you last heard anything, you could request ICO intervention. If they agree to investigate, they might issue a fine or order changes to be made. They will not provide you with compensation though.

Therefore, you may wish to call our helpline. If your case is accepted by a lawyer from our panel, they will work for you on a No Win No Fee basis. Please call today to learn more about how we could help you.

Talk To Our Specialist Team

Thank you for reading about data protection breach claims against Ibis Hotels. Legal Helpline is ready to work with you if you’ve decided to claim. To get in touch with us, you can:

To make things a bit easier, our team is available 24-hours a day, 7-days a week. When you call, you won’t be under any obligation to make a claim but you will receive free legal advice on your options.

FAQs On Hotel Guest Data Protection Breach Claims

We are going to use this section to answer some frequently asked questions about data breach claims. If you would like any other questions relating to data breach claims answering, please call our specialists.

What do companies do when there’s been a breach?

If a company discovers that a GDPR data breach has happened, it must launch an investigation. Additionally, the ICO must be informed. If the investigation highlights a risk to data subjects, then they must be contacted as well.

I have already contacted the ICO, can I still claim?

Yes, claims are possible whether you have contacted the ICO or not. Whilst an ICO investigation report might help you prove what happened, they are not always essential in data breach claims.

How do I know if I was affected by a data breach?

Data controllers are legally obliged to tell you if your data has been exposed during a GDPR data breach. This should happen within 72-hours of them finding out about the breach. You may be told in writing or by email.

Are there data breach claim time limits?

In most cases, data breach claims have a 6-year time limit. Cases that relate to breaches of human rights have just 1-year to be made.

Where To Learn More About Data Protection Breach Claims

Thanks for taking the time to read about data protection breach claims against Ibis Hotels. As we have reached the final section, we have decided to provide links to some more useful documents. If you need any further information relating to your claim, please feel free to call us.

IBIS Hotels Privacy Statement – Details about how the company uses personal information and what it does to secure it.

ICO Action – This database includes information on fines and enforcement notices issued by the ICO.

PTSD – Guidance from NHS Scotland on how PTSD is diagnosed and treated. Also includes a self-help guide.

To help you further, here are some more of our guides relating to different types of data breaches.

Housing Association Claims – Advice on how a data breach solicitor could help if your personal information has been leaked by a housing association.

Banking Claims – This article looks at when you could claim for data breaches by banks.

GDPR Breaches – A more generalised guide about the reasons you could claim following a data breach.

Thank you for reading our guide to data breach claims against Ibis Hotels.


Guide by BH

Edited by REB