How To Claim For Data Protection Breaches In A Nursery

Who do you report a breach of data protection to at a nursery? Have you or your child’s personal details being accessed without authorisation? Perhaps a member of the nursery staff left crucial and private information out for others to see? Or did a social media and website post include details about you or your child that you do not consent to? Compensation for data protection breaches in a nursery is possible.

Nursery data breach compensation claims guide

Nursery data breach compensation claims guide

Legal Helpline can help. In the space of a brief and free consultation with our friendly team, we can assess how the data protection breach in the nursery has impacted either you or your child. We could connect with a data breach lawyer If you were exposed to financial or emotional damage. They could calculate the full extent of those damages and build a case for compensation against the negligent daycare or nursery provider.

We also examine how you can act on behalf of your child as a ‘litigation friend’ if their data was breached. Litigation friends are people who can represent the legal interests of minors or others unable to represent themselves. Speak to our team to discover how you can protect both your and your child’s data rights by:

Call us on 0161 696 9685. Or write to us at

Select A Section

  1. A Guide On Compensation Claims For Data Protection Breaches In A Nursery
  2. What Are Data Protection Breaches In A Nursery?
  3. What Is A Third Party Under The GDPR?
  4. Examples Of Data Protection Breaches In A Nursery
  5. Calculating Compensation Amounts For Data Protection Breaches In A Nursery
  6. Types Of Compensation Awarded For Nursery Data Breaches
  7. How To Report Your Nursery To The Information Commissioner
  8. No Win No Fee Claims For Data Protection Breaches In A Nursery
  9. How An Educational Data Breach Solicitor Could Help You
  10. How To Begin A Data Breach Claim Against A Nursery
  11. Talk To A Specialist Solicitor
  12. FAQs On Data Protection Breaches In A Nursery
  13. Where To Find Out More

A Guide On Compensation Claims For Data Protection Breaches In A Nursery

New laws brought in the UK, the Data Portectection Act 2018, gives people more rights over the handling of their personal data. General Data Protection Regulations (GDPR) describe how data should be handled and processed. Nursery schools are included under these laws.

Since a change in the law in a landmark case of Vidal-Hall v Google, it is now possible to seek compensation for either emotional or psychological damage in their own right. Previously there needed to be a financial loss to validate emotional harm, but thanks to this change you can claim for either or both. This means that with the right supporting evidence, a data breach solicitor (if you choose to use one) can seek damages for emotional distress under the same type of personal injury heading awards as any other claim.

At Legal Helpline we are able to introduce you to advisors who can offer exactly the sort of free legal advice to help guide your claim for data breach compensation. We explain how a body called the Information Commissioners Office (ICO) regulates how businesses and organisations handle personal data.

What Are Data Protection Breaches In A Nursery?

Firstly, it’s important to be clear about what a data breach is. GDPR offers better choices for when peoples data is being processed. There are stricter rules now around the sharing and handling of any personal data. Businesses now need to strengthen their security so that any personal data is secure and not accessible to the wrong entities. If cybercriminals and hackers are allowed to access computer software systems with malware and viruses to exploit the opportunities for fraud because organisations storing personal information did not provide secure systems those businesses can be liable. There are different parties involved in data management:

  • Controllers – people who collect the personal information
  • Processors – people who process the data on behalf of the controller
  • Third parties – people who may receive the data and use it under instruction from controllers or processors.

Data sharing is useful and many organisations rely upon it to give good service. There is nothing inherently wrong with data sharing as long as consent is clearly given. In response to the mishandling of personal data, a set of principles were established:

  • Be clear, obvious, and fair
  • Only collect data that you need
  • Collect for specific and legitimate purposes
  • Ensure that data is accurate and updated on a regular basis.
  • Storage limitation – keep the data only for a set period of time.
  • Integrity and confidentiality at all times to ensure utmost security
  • Accountability – to admit to a breach and inform those involved

A breach is a lack of adherence to any of these key principles. Accidental or deliberate loss, alteration, and destruction is also a breach.

What Is A Third Party Under The GDPR?

In response to the way that consumers’ information was being used online, the GDPR laws sought to curtail the use of peoples’ personal information. Today, when any of us visit a website we are confronted with a consent form that requires our permission before we can continue. These ‘cookie preferences’ as they are referred to may seem irritating and many people click ‘yes’ simply to be rid of them, but they are important.

This is our opportunity to express our preferences about how our private data is shared with third parties. Often agreeing to data use may mean that you accept others can contact you in an unsolicited way or examine and analyse your online viewing habits to target you in advertising and marketing schemes. Do you really want this?

A ‘third party’ is defined as a person or public agency, authority, or body other than the data controller and processor who are authorized by them, to process our data. Information that is given to them without your consent could result in the controller or processor being liable in certain circumstances.

Speak to our team for more information if there were data protection breaches in a nursery that involved you. Thanks to GDPR we can not only have more control over who sees and uses our data, but we and our children have a form of redress if they abuse that privilege.

Examples Of Data Protection Breaches In A Nursery

Nurseries and pre-schools are happy places that provide an excellent and safe introduction to the education system for small children. The child-care opportunities they offer mean that millions of parents can go to work and support their families better as a result. Nobody sets out to sue a nursery, but the simple truth is that you have grounds for compensation if neglect on their part exposed you to a data breach. The results of which could lead to monetary theft and attacks on your very identity.

A nursery may need to keep both hard drive and paper records of a great many details. The medical requirements of certain pupils, their family situations, and any private domestic arrangements, as well as the educational progress and needs of the children.

Data breaches can arise from:

  • Chatting about children or parents details in a casual way
  • Leaving computer screens open for others to see
  • Leaving documents lying around
  • Including personal details in social media posts
  • Losing USB sticks or laptops and smartphones
  • The accidental or deliberate sharing of data
  • Destruction or alteration of files either deliberately or through human error without authorisation.

The ICO has the power to issue huge fines against companies that fail in their GDPR expectations. Contact our team today to learn more about claiming for a school data breach.

Calculating Compensation Amounts For Data Protection Breaches In A Nursery

Our table below shows a cross-section of typical awards that psychiatric injury could be awarded. These figures are provided by the Judicial College in the guidelines and are based on previous cases. The aim is to provide a fair and reasonable compensation amount to take into account the psychological harm of personal injury and in this case, the trauma caused by a data breach.

InjuryEffectsSuggested Award
Psychiatric Damage - SevereSevere problems that affect many areas of daily and social life.£54,830 to £115,730
Psychiatric Damage - Moderately SevereSignificant problems with daily life. But, there is a more optimistic prognosis.£19,070 to £54,830
Psychiatric Damage - ModerateMarked improvement shave been made, despite having struggles with various problems.£5,860 to £19,070
Psychiatric Damage - Less SevereThe effect on daily activities and sleep will be taken into account. £1,540 to £5,860
PTSD - SevereInability to function the same as pre-trauma due to permanent effects.£59,860 to £100,670
PTSD - Moderately SevereRecovery is possible with help from a professional, but the person will still likely suffer for the foreseeable future.£23,150 to £59,860
PTSD - ModerateLargely recovered with any persisting symptoms not being majorly disabling.£8,180 to £23,150
PTSD - Less SevereA full recovery is made within 2 years, with only minor problems persisting after this.£3,950 to £8,180

If you choose to use one, your No Win No Fee data breach solicitor can help to arrange an independent assessment. This can evaluate your suffering. If you can demonstrate that the data breach caused emotional distress you could claim compensation as you could with a personal injury claim.

Importantly, a data breach solicitor can help you set an accurate figure on potential future losses that can be the result of a data breach. For example, if your details fall into the hands of a cybercriminal who uses them to open a credit card in your name, the charges, and fees from the bank could go for months. With only one chance at making a claim, it’s essential you include everything.

Types Of Compensation Awarded For Nursery Data Breaches

Because of GDPR laws and the Vidal- Hall case, with the change in law, you can now claim for both emotional and financial harm (together or separately) caused by a data breach. This means that if the nursery in question failed in its legal duty of care to handle your data properly (or by extension, that of your child) you can be compensated for both the financial damage and emotional distress. There are two types of compensation recognised in data breach claims as ‘material’ and ‘non-material’.

Material damage

This means the actual tangible financial damage that you suffered as a result of a data breach. Therefore, such as:

  • Stolen money from bank accounts
  • Credit facilities opened in your name
  • Money lost through stolen identity
  • Any financial loss that arose from the sudden impact of data breach on your personal or financial security

Speak to our team for clarification if you have an expense and you’re not sure.

Non material damage

The second head of damages focuses on the ‘non-material’ damage, so this refers to emotional or psychological harm. Previously financial damage needed to be present to imply emotional damage. That is no longer the case and now both, or either type of compensation can be claimed.

With this in mind, there are very real impacts related to being the victim of a data breach. They can have an award amount attributed to them using the same guide a solicitor would use for any other cause of personal injury. Psychiatric damage caused by a data breach can be:

  • General distress
  • Insomnia and nightmares
  • Anxiety and depression
  • Panic attacks
  • PTSD (Post-traumatic stress disorder)
  • Suicidal thoughts

All these impacts can have a compensation amount applied to them. Using the paper evidence to prove financial damage and the medical evidence to prove emotional harm, a data breach solicitor can calculate compensation that truly reflects the full impact of the data breach on your life. They can then seek these amounts as compensation for your loss and suffering.

How To Report Your Nursery To The Information Commissioner

As discussed, agencies of all kinds have a duty to report data breaches within 72 hours to the ICO.

Firstly, the nursery may not know there has been a breach, so try to discuss your concerns with them to establish if you have been affected. You can do this formally as a letter of complaint. If you hear nothing three months after their last response, you can ask the ICO to step in and help.

If you fail to hear anything from the nursery, ask the ICO to investigate. You should collect any evidence if money has been stolen or your health has been affected. Begin to collate evidential proof of financial or emotional damage caused by the data breach. Doctors’ reports and bank statements can support your claim.

A No Win No Fee data breach solicitor can then look at your case and decide if it has the merit to succeed. At no upfront costs to you, this type of service enables you to engage the services of a solicitor and plan your case for compensation.

No Win No Fee Claims For Data Protection Breaches In A Nursery

No Win No Fee agreements are a way to use the services of a data breach solicitor without there being any upfront payment. When you sign agreements like this, there are no fees to pay the solicitor upfront. Furthermore, you have no fees to pay to retain their services as the case progresses. In addition to this, there is nothing to pay your solicitor if the case fails.

Working on your behalf, the No Win No Fee solicitor takes a small percentage at the conclusion of successful cases only. Fees are limited. This ensures that the bulk of the compensation amount goes directly to you. In addition, any fees are only due after you received your settlement. Furthermore, because their fee derives from a winning case, No Win No Fee solicitors have a build-in interest in obtaining the best outcome for all concerned.

How An Educational Data Breach Solicitor Could Help You

At Legal Helpline we could connect you with a data breach solicitor to take up your case. After a brief and free initial consultation with our team, we can assess your claim and put you in touch with a solicitor who has experience in handling cases of this nature.

Importantly, there is a six-year time limit to starting a data breach claim but this is not a license to delay as the gathering of information can taker longer than expected. Speak to our friendly team at Legal Helpline today and we can help you assemble all the right evidence and information to start a claim.

Previously, people searched for legal representation either in their local high street or online. At Legal Helpline we bring excellent legal representation to you. Simply call our advisors and we could connect you with a skilled solicitor who can understand every impact of data protection breaches in a nursery. They can offer practical steps to deal with the consequences of data breaches.

How To Begin A Data Breach Claim Against A Nursery

We’ve covered them in this article but it’s worth recapping them here. Firstly:

  • If you  discover the breach, raise your concerns in writing with the nursery
  • Breaches should be reported by the nursery to the ICO within 72 hours
  • You can ask the ICO to look at the case.
  • Begin to collect evidence of how the breach has impacted your mental health, that of your child, or your finances
  • Speak to a No Win No Fee educational data breach solicitor for help

Talk To A Specialist Solicitor

Hopefully, this article has helped clarify what you can do as the victim of a data breach at your child’s nursery. GDPR has made it possible for consumers to have much greater control over the information that is in the public realm about them. Criminality online is still a huge problem. Speak to our advisors on the number below. If they can see you have a solid case they can connect you to a solicitor from our panel. Call us on 0161 696 9685. Or write to us at

FAQs On Data Protection Breaches In A Nursery

What is the biggest cause of data breaches in schools?

Staff negligence can account for a large proportion of data breaches. Hackings of computer systems from outside sources can happen. In practice, it can something as simple and every day as a member of staff leaving a laptop open. Or re-posting a social media post without consent from the people it includes.

How long does a nursery have to refer data breaches to the ICO?

72 hours is the time frame for reporting a breach to the ICO.

To whom should concerns about data breaches be reported?

Initially, you should raise concerns with the nursery, in writing.

What harm could me or my child suffer from a data breach?

Mental distress issues such as anxiety or panic attacks can result from the vulnerability felt after a data breach issue. In severe cases, suicidal thoughts, too. Unlike a physical accident, these symptoms could develop over time, therefore it’s important to obtain clear medical advice about prognosis.

Where To Find Out More

Help is available for coping with the effects of cybercrime and also, you can refer to this link for guidance on PTSD or other mental health problems created by extreme anguish. such as depression.

At Legal Helpline we can help with a wide array of data breach claims

Employer Data Breach  – Has your employer breached your personal information. This guide might be useful to you.

Blackbaud Data Breach – Has this data breach affected you. This guide may be useful to you.

Solicitor Data Breach Claims – Has your solicitors’ firm breached your data. This guide might be useful for you.

Written by JW

Edited by MM.