What are data breaches? How can a personal data breach cause financial or mental harm? This guide shall answer these questions and many more. It will also examine the data breach claims process and what type of compensation is awarded in successful claims.
This guide explains how laws in the UK called the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR) define the legal expectations for organisations to correctly process your data and prevent personal data breaches. To talk about this immediately, please:
Select A Section
- What Is A Personal Data Breach Claim?
- How Long Do I Have To Claim For A Personal Data?
- Do I Have To Report The Breach?
- What Evidence Will I Need To Start A Claim?
- Personal Data Breach Compensation Calculator
- How To Start A No Win No Fee Claim
Before examining what are personal data breaches, it’s important to be clear about what defines personal data. Any information that could be used on its own or alongside other details to positively identify you as a living person is personal data. There are some obvious examples, such as:
- Name and address
- Mobile number and email address
- Bank card details
- National insurance number
- NHS number
Under data protection law, other personal data that is considered sensitive ”special category data” is also protected this includes;
- Health data
- Racial and ethnic background
- Political, religious or philosophical beliefs
- Sexual orientation
Special category data are given added protection due to their potential to cause the data subject a greater level of harm if misused.
A data controller is generally an organisation or company that collects your personal information and says how and why it will be processed. Sometimes controllers will outsource their processing to data processors.
Fundamental to a claim for compensation is the ability to show how these parties failed to adhere to UK GDPR and Data Protection Act 2018 by an action they took (or failed to take) to safeguard the integrity of your personal data.
7 Core Principles
The independent body called the Information Commissioner’s Office (ICO) regulates and upholds data protection rights for UK residents.
There are 7 Core Principles for good data processing:
- Collected with a lawful, fair and transparent reason
- Limited in purpose
- Kept to a minimum
- Stored for a specific and limited period
- Kept secure at all times
- Handled with personal accountability for these good data practices.
In addition to this organisations should try to implement robust IT security to stop external cyber attacks from infiltrating their systems and accessing data for criminal purposes.
There are time limits that apply to launching data breach claims. There are 6 years to start a claim. This may seem like a long time to initiate a breach of data protection claim, but it is always recommended to start as soon as possible so that any evidence that is needed to support your case is still available.
Also, please be aware that if the claim is against a public body, the time limit for initiating the case is reduced to just one year.
You can contact them if you suspect an organisation has been involved in a data breach. They should inform you if a breach has taken place and whether your personal data was involved. By law, if they are aware of a data breach that affects your rights and infringes on your freedoms, they must inform you without delay. Also, reporting such a breach to the ICO within 72 hours of becoming aware of it.
If you intend to make a claim following a breach of your personal data, then you can take the following steps;
- Firstly, raise a concern with the organisation in question
- If you are dissatisfied with the response, you can raise a complaint with the ICO.
- Wait no longer than 3 months after the last communication with the organisation to pursue dialogue with the ICO. Beyond this period, the ICO may consider the matter trivial or settled.
- Simultaneously, you can seek legal advice about compensation for the data breach.
In addition to claiming within the time limit and taking steps to raise a complaint, other evidence can play an essential part in data breach claims for compensation. After this experience, a data subject could experience financial losses, especially if banking details have been breached. So bank statements and invoices of fraudulent spending could be used as evidence.
As well as this, medical evidence can be accessed that shows stress due to the breach. Any documented proof that can support your claim of financial loss or psychiatric injury can be considered as long as it directly relates to the data breach.
With this in mind, two areas of data breach compensation may apply after a successful claim. Material damage reflects these out-of-pocket costs and losses you suffered as a direct result of the data breach. This can include:
- Stolen funds from your bank account
- Late fees and unauthorised overdraft issues
- Counselling costs to deal with the stress
- Associated costs to replace personal devices such as smartphones or laptops
If you can provide documented evidence of these losses, it can be possible to claim them back as part of your compensation.
Also, non-material damage may apply. A precedent Court of Appeal case, Vidal-Hall and others vs Google Inc 2015, acknowledged compensation for psychiatric damage in its own right, independent of financial loss.
The table below reflects the amount brackets in the Judicial College Guidelines JCG. This publication is often used when assessing the value of injuries in civil claims.
|Psychiatric Harm||JC Guidelines Award Bracket||Supporting Notes|
|General Psychiatric and Psychological Damage||Severe Degree - (a) £54,830 to £115,730||The person will experience marked issues with relationships, work and education ,creating a significant and long-standing disability|
|General Psychiatric and Psychological Damage||Moderately Severe Degree - (b) £19,070 to £54,830||This bracket includes many of the same issues as above but there is a more positive prognosis. Still representative of a long-standing condition.|
|General Psychiatric and Psychological Damage||Moderate Degree (c) - £5,860 to £19,070||This bracket reflects similar issues but improvements have been made.|
|General Psychiatric and Psychological Damage||Less Severe Degree (d) - £1,540 to £5,860||An award here is given in recognition of the length of illness.|
|Post-Traumatic Stress Disorder abbreviated to PTSD||Severe Degree - (a) £59,860 to £100,670||A permanent and profoundly severe trauma reaction that impacts all areas of the person's life.|
|Post-Traumatic Stress Disorder abbreviated to PTSD||Moderately Severe Degree (b) - £23,150 to £59,860||A similarly reaction but symptoms that can be improved with professional intervention and counselling.|
|Post-Traumatic Stress Disorder abbreviated to (PTSD)||Moderate Degree - (c) £8,180 to £23,150||Cases in which there has been an overall recovery with any residual symptoms being bearable.|
|Post-Traumatic Stress Disorder abbreviated to PTSD||Less Severe Degree (d) - £3,950 to £8,180||A full recovery taking place in 1 - 2 years with persisting symptoms beyond this period being minor in nature.|
Please note – They are merely guidelines.
Our team can explain more when you get in touch.
Legal representation under a No Win No Fee agreement could help if you are considering claiming for damages. A Conditional Fee Agreement may be used as the preferred contract. It will state the terms and conditions of the service provided. These will usually state that a successful case needs a maximum deduction of only 25% for the solicitor’s success fee. This comes from the award you receive.
Cases that do not win require no success fee. Our advisors can assess your case for free when you get in touch. Any claims that look solid and have good grounds could be connected with a data breach solicitor.
To discover more, please get in touch by:
- Calling us on 0161 696 9685
- Contacting us to request a callback
- Or use the ‘live support; option below
Guides On Breach of Data Protection Claims
The resources below will offer more insight on the subject:
- Read more about the Data Protection Act 2018
- Tips on staying safe online from the Government
- Cyber Security Breaches Survey 2022
More of our guides to help answer your frequently asked questions on data breach claims.
- Can I claim if a nursery breached my data?
- When Can You Claim For A Data Breach At Amazon?
- Lost files data breach what compensation could I be awarded?
- Sexual Abuse Data Breach Compensation Claims
- My Employer breached my personal data how do I know if I can claim?
- When Can You Claim For A Vodafone Data Breach?