Post Office GDPR Data Breach Compensation Claims Guide – How To Claim?

My Data Privacy Was Breached By The Post Office, Could I Claim Compensation?

When you sign up for services with many organisations, you may need to provide them with personal information. In the wrong hands, that information could cause serious problems for you so you wouldn’t want it shared. Luckily, data security rules have been strengthened with the introduction of the General Data Protection Regulation (or GDPR). This is important because when data breaches do occur, they can sometimes lead to distress, anxiety and even financial loss. Therefore, in this article, we are going to review the harm that could result from a GDPR data breach by the Post Office. Furthermore, we’ll explain when compensation could be claimed following a breach and the amount that might be paid.

Post Office data breach compensation claims guide

Post Office data breach compensation claims guide

Legal Helpline can assist you if you are considering making a claim. Our team of specially trained advisors are happy to review your case with you. They will provide free legal advice and you won’t be under any obligation to claim. However, if your case appears to be strong enough, we could appoint a data breach lawyer from our panel to support you. If you both agree to work together, your claim will be processed on a No Win No Fee basis.

If you can show that you’ve suffered damage following a Post Office data breach, why not call us on 0161 696 9685 today? One call could be all that’s needed to start the claims process. Alternatively, if you want to find out more about claiming for the suffering caused by a data breach, please continue reading.

Select A Section

A Guide On Claiming For A Data Breach By The Post Office

The GDPR was brought into force when the Data Protection Act 2018 was implemented in UK law. As a result, individuals (referred to as data subjects) have been given greater control over the use of their personal information.

Since the new laws came in, organisations (data controllers) are now obliged to have a lawful reason for processing personal data. As you may have noticed recently, on many occasions you will need to be told when your information is to be used and you might need to provide consent too.

Additionally, there is now a greater emphasis on implementing procedures to keep personal information safe and secure. If that doesn’t happen, an organisation could be investigated by the Information Commissioner’s Office (ICO). If they are found guilty of not upholding data protection laws, they could receive an order to pay a large fine. That process won’t involve you being compensated though. Instead, you will need to take independent legal action.

If you do decide to claim, you will need to act within the relevant time limits. Mostly, there is a 6-year limitation period. Please bear in mind, though, that some claims are limited to 1-year if they are based on human rights breaches.

As we progress, we will show you what damage a personal data breach can cause. Importantly, you could claim for a data breach whether it involves physical documentation or digital data.

Please speak to an advisor if you have any questions about the claims process. If you decide to claim, they will be able to review your options with you. Should your case have strong grounds, you could be connected with a specialist data breach lawyer from our panel who’ll work on a No Win No Fee basis if they accept your case.

What Are Claims For Data Breaches By The Post Office?

Any organisation that processes or stores your personal data has a legal obligation to keep it as secure as possible. Data breaches are caused when a security-related incident means that personal information is lost, accessed, altered, disclosed or destroyed in an unauthorised manner. It is important to point out that you could claim if you suffer from the breach whether it was caused deliberately, illegally or accidentally.

To be eligible to claim compensation, there needs to be evidence that the breach occurred and that you suffered damage as a result. The forms of harm you could claim for include psychiatric damage caused by distress, anxiety and depression as well as financial losses.

You may have heard of data breaches caused by cyber attackers in the press. But they are not the only cause. While breaches relating to digital data caused by phishing emails, malware, ransomware and viruses are common, breaches can also result from errors handling physical documents too.

In the GDPR documentation, personal data is described as information that might help to identify a data subject. Direct identification is possible from information relating to names, telephone numbers, addresses and other contact details. Indirect identification can result from data relating to characteristics like gender, age, ethnicity or marital status. As a result, this information is also covered by the GDPR.

Third-Party Data Sharing Explained

Companies, generally, need your permission before sharing your personal data. That means they shouldn’t share information with other companies without asking your permission.

For example, if data about you is shared with another organisation for marketing purposes, a breach will have occurred if you hadn’t agreed to such sharing.

There are some exemptions, though. If there is a lawful reason to share your information, a breach will not have taken place. To find out more, please refer to the ICO’s website.

If you would like to proceed with a claim because your data has been shared illegally, please call today.

Enforcement Action Taken By The ICO Against Postal Services

As we have mentioned, the ICO has powers that allow it to issue fines to companies who break data protection laws. In this section, we’ll look at a case where the Post Office was fined £12,000 by the ICO.

The ICO was contacted by a member of the public after they received an email from the Royal Mail despite having opted out of marketing communications. The ICO’s report states that the Post Office issued emails to 327,014 people who had previously requested not to be sent any marketing information. This happened over two dates in July 2017.

The communication was relating to a reduced price for parcel delivery. However, the ICO said that due to a lack of consent, the ICO had broken the law. The Royal Mail argued that they had been providing a service by telling customers about the new pricing structure. However, the ICO disagreed.

They said that the messages were a breach of regulation 22 of the Privacy and Electronic Communications Regulations 2003 and issued the fine accordingly.

For free guidance on whether you could claim compensation following a personal data breach, please contact us today.

Calculating Compensation Amounts For A Data Breach By The Post Office

In this section of our guide, we are going to look at potential settlement amounts for data breach claims. The compensation we’re looking at is for psychiatric injuries like anxiety and depression.

In an important case at the Court of Appeal, two important decisions were made. When deciding the case of Vidal-Hall and others v Google Inc [2015], the Court said that:

  • Claimants are entitled to seek damages for psychiatric injuries whether money has been lost or not. This changed the previous position in which claimants had to have suffered financial damage to claim for psychological impacts.
  • Compensation for non-material damage should be valued with reference to personal injury law.

In our compensation table below, we have listed amounts for relevant injuries from the Judicial College Guidelines. This is a document used when valuing personal injury claims.

Type of ClaimSeverityAward RangeDetailed Information
Psychiatric DamageSevere£51,460 to £108,620In this category, there will be marked issues with coping with work and life in general. The prognosis will be very poor as the claimant won't benefit from treatment, will be vulnerable in the future and there will be problems with relationships.
Psychiatric DamageModerately Severe£17,900 to £51,460The significant problems and symptoms in this category will be very similar to above. However, the claimant's medical prognosis will be more optimistic.
Psychiatric DamageLess SevereUp to £5,500Minor symptoms of stress, anxiety or depression that resolve within a few weeks or months.
PTSDSevere£56,180 to £94,470The claimant will suffer with permanent PTSD symptoms. As a result work won't be possible and nor will a return to pre-trauma levels. Every aspect of the claimant's life will be affected.
PTSDModerately Severe£21,730 to £56,180The symptoms in this category will be very similar to those described above. However, with professional aid, some recovery should be possible.
PTSDModerate£7,680 to £21,730In this category, the claimant will have largely recovered.

To help prove the extent of your injuries, you will need a medical assessment. During the claims process, our panel of lawyers can usually arrange these locally to you.

An independent medical expert will conduct the assessment. They will review your medical records and ask questions about the ways in which you were affected. After they have finished, a report will be compiled outlining your injuries and your prognosis. This will be used to both value your injuries and prove your case.

For a more precise compensation estimate relevant to your circumstances, please get in touch with our team on the number at the top of this page.

Types Of Compensation Awarded In The Event Of A Data Breach

When you calculate data breach compensation claims, there is a lot to consider. Not only will your claim relate to any suffering that has happened, but it may also need to include future suffering too. The reason for this is that only one claim is allowed, so you need to get it right.

Data breach compensation can be made up of two heads of claim. The first is called material damages. This part encompasses financial losses, costs and expenses caused by the data breach.

The second is non-material damages. They might be claimable if you have suffered the likes of depression or anxiety as a result of the breach.

Material damages claims usually begin with the amount of money you have already lost. In some cases, you may then need to work out if you might suffer more losses later on. That could be the case if your data has been sold to criminals on the dark web. If that happens, losses could accrue until you are able to migrate to new financial accounts.

Non-material damages claims will usually look at diagnosed illnesses first. However, your medical report might suggest suffering that could continue into the long term. If that is true, this would be factored into your claim. For example, you might need to claim if the symptoms of Post-Traumatic Stress Disorder (PTSD) are likely to prevent you from working.

Having a specialist lawyer on your side might be the best way to achieve the correct level of compensation. That’s because, with their experience, they should be able to fully understand how you’ve suffered and everything is included in your claim.

Could I Report The Post Office To The Information Commissioner?

Before you speak to the ICO about the data breach that has affected you, a formal complaint will need to be raised with the Post Office. When you receive a response, you will need to take it further up the chain if you’re not happy with it.

Once 3-months have passed since you last heard from the Post Office, you could get in touch with the ICO if you are still not happy. They might then decide to investigate. If they agree with you, they could issue a fine or order changes to data protection procedures. They won’t issue compensation to you though.

You do have the option to make a data breach claim against the Post Office directly though. If that is something you would like to do, why not give our specialists a call today?

No Win No Fee Claims For A Data Breach By The Post Office

One thing that worries many people when starting a claim is paying out money because of lawyer’s fees if the case is lost. Luckily, we have a panel of data breach lawyers who work on a No Win No Fee basis for all accepted claims. That allows you to worry less because you still get access to a specialist lawyer but your financial risks are reduced.

At the beginning of any claim, a lawyer will need to check that they’re happy with the merits of your claim. If they agree to work for you, you will receive a Conditional Fee Agreement (CFA) to review. The formal title for a No Win No Fee agreement, this is a contract that tells you what your lawyer needs to achieve before they are paid. The contract will also show you that:

  • The lawyer will not want payment upfront.
  • You don’t need to cover lawyer’s fees while they process your claim.
  • Should the claim not succeed, you won’t have to pay your lawyer’s fees at all.

If your lawyer does win your case, they will deduct a small success fee from any compensation payment. This is to cover the cost of their work. The fee is a percentage of your settlement that’s listed within the CFA. By law, such fees are capped to try and stop overcharging.

We can check whether your claim is suitable for a No Win No Fee service, so why not call today?

Can I Sue For A Breach Of Data Protection?

As explained earlier, data breach claims might be possible if you have suffered damage. Our advice is that you are more likely to win your case and receive the right level of compensation if you have a data breach lawyer on your side. If your case is accepted by a lawyer from our panel, they will:

  • Discuss your claim in full with you so that they understand exactly how you have suffered.
  • Request copies of any evidence that could substantiate your claim.
  • Book you in for a local medical assessment.
  • Prepare a comprehensive claim before sending it to the defendant.
  • Manage communication with the defendant’s legal representative so you don’t need to speak with them.
  • Try to ensure that you are fully compensated for all of your sufferings.

If you would like to learn more about how we could help you claim, please get in touch today.

What To Do If You Are A Victim Of A Data Breach?

In brief, we are going to explain how to proceed with Post Office data breach claims once more. To start, you need to make a formal complaint to Post Office directly. After your complaint has been answered, you will need to escalate it if you don’t agree with the response.

After 3-months without further contact, you could ask the ICO to investigate your complaint. At the same time, you have the option to start legal action as the ICO won’t be able to help with compensation claims.

If that is something you would like to do, we can help. Our panel of data breach lawyers offer a No Win No Fee service for all claims they take on which makes the whole process less stressful. Please call today if you have any questions about starting your claim.

Contact A Data Breach Expert

You have almost completed this guide GDPR data breaches by the Post Office. Hopefully, we have clarified your options and you now know what you’ll do next. If you would like to claim, then we are here to help. You can get in touch by:

For your convenience, our team are available to answer your questions 24-7. You’ll be offered free legal advice and an honest opinion about the chances of success.

Post Office Data Breach FAQs

In this part of our Post Office data breach claims guide, we have supplied answers to a few frequently asked questions. If you have any questions that we haven’t covered, please call our team today.

What is an example of a data breach?

A simple example of a data breach could be where personal information about you is sent in a letter but is posted to the wrong address.

What are the consequences of a data breach?

Data breaches affect people in different ways. While some breaches don’t cause any problems, others could cause you to suffer psychiatric damage as a result of embarrassment, distress or anxiety. Furthermore, if criminals are involved, you could lose out financially too.

Is a data breach illegal?

Data breaches can be caused by illegal acts such as hacking. They can also be caused accidentally too. The Information Commissioner’s Office could fine any organisation that is found to have broken data protection laws.

How do you handle a data breach?

Organisations who become aware of data breaches must inform the Information Commissioner’s Office and begin an investigation. If a data subject might be put at risk, they should be told a) when the breach took place, b) how it happened and c) what type of data was leaked.

Where To Learn More

You have arrived at the final section of our article on Post Office data breach claims. Therefore, we are going to add some links here to some external resources that may prove useful. If there is anything else you would like us to help with, please don’t hesitate to call our team.

Royal Mail Data Protection – This document explains how Royal Mail meets its data protection obligations under the GDPR.

PTSD Treatment – NHS information on the different treatments that could help with the symptoms of Post-Traumatic Stress Disorder.

How To Make A Subject Access Request – ICO guidance on how to lodge a SAR to get copies of your data.

To show you how else we could help you in the future, we have added some more Legal Helpline guides below:

GDPR Data Breach Compensation Claims – This article explains how you could be compensated if you fall victim to a data breach.

Bank Data Breach Claims – Information that explains if you have a valid claim following a bank data breach.

Medical Data Breach Claims – Provides guidance on when you could be compensated for suffering caused by a medical data breach.

Thank you for reading our guide to seeking compensation following a data breach by the Post Office.


Guide by BH

Edited by REB