If a company misused your data you may wonder whether you could make a personal data breach claim. Businesses must process data “lawfully, fairly and in a transparent manner” according to the UK General Data Protection Regulation. So if a company fails in their adherence to the UK GDPR and this causes your personal data to be breached subsequently leading to you suffering harm you may be eligible to make a data breach claim.
Please contact us today to speak to an advisor about making a data breach compensation claim. They can answer your questions. Should they find that your case has solid grounds for claiming data breach compensation they may connect you to a data breach solicitor. Claims taken on by our data breach solicitors are conducted under No Win No Fee terms.
Please get in touch with us now to see if you can start the claims process:
- Call our helpline on 0800 073 8801 for free legal advice
- Contact us online
- Or you can type your question into our Live Support widget, and we will answer it as soon as possible.
Select A Section
- What Is Personal Data?
- When Can Companies Use Your Personal Data?
- Making A Subject Access Request If A Company Misused Your Data
- Who Could Have Misused Your Personal Data?
- Calculating Compensation If A Company Has Misused Your Data
- No Win No Fee Data Protection Breach Claims
Let’s define what personal data is before we look at how a company could potentially misuse your data. Personal data identifies a person. Simple information such as a person’s name and address counts as personal data. However, personal data can also be highly sensitive, such as information about one’s health or personal characteristics.
A personal data breach is a security incident that affects a data subject’s personal information. The integrity, confidentiality and security of your personal data may all be affected in a data breach.
The following incidents count as a data breach:
- The organisation accidently loses a file containing your personal data
- An organisation alters, deletes or destroys the data accidentally
- An organisation leaks or exposes data to an insecure environment.
- Unauthorised persons can access the data.
- Or, an organisation can disclose personal data without a lawful basis to do so.
Data misuse is when an organisation uses personal data in a manner that breaches the UK GDPR or the Data Protection Act 2018.
Data processors or controllers (organisations that say what data should be collected and why) must comply with the principles of the UK GDPR when they process data. The UK GDPR requires companies to do the following when they process data:
- The processing of data must be lawful, transparent and fair
- Purpose limited.
- Not kept for longer than necessary.
- Data controllers must have security measures in place to protect your data.
Personal and personally sensitive data have the protection of UK law. This means that when such data is being processed it must be kept safe. Should an organisation fail in its duty to protect this data according to the legislation it could be found liable if personal data is breached.
When Could A Company Have Misused Your Personal Data?
A company can misuse your information if your data is processed without a lawful basis. The six lawful reasons for processing data are as follows:
- Legal Obligation
- Vital interests
- Public task
- Legitimate interests
If you believe a company has misused your data, you can make a Subject Access Request to confirm this. Data subjects have the “right of access“. The right of access means that data subjects have the right to request the information that is being processed about them. You can make a formal Subject Access Request to find out the following information:
- What data of yours a company has processed
- How the organisation is using the data
- What parties the company has shared your data with
- And the source the company got the data from
If it becomes apparent that a company is misusing your personal information, you can use the response to the Subject Access Request as evidence to support your claim.
A company can process personal data belonging to an employee, customer, or key stakeholders. What kind of companies or organisations could be considered data controllers:
You may have experienced emotional distress or psychological injuries after a data breach if sensitive and personal information is breached. Furthermore, fraudsters can use personal data such as financial information to steal money or assets from you.
Who is eligible to make a personal data breach claim? Below we look at the eligibility criteria.
- An organisation failed to comply with the UK GDPR
- Your personal data was breached as a consequence.
- Consequently, you experienced emotional distress or psychological injuries after the data breach.
- Or you lost money or assets because of the data breach.
Please contact us today to enquire about making a compensation claim.
If a company misused your data, you might be eligible to make a data breach claim. If your claim is successful, your compensation payment can include up to two types of damages:
- Material damages are compensation for financial losses.
- Non-material damages are compensation for emotional distress and mental health injuries.
This table contains bracket amounts that could be considered for non-material damages. We used the 16th edition Judicial College guidelines to create the table. However, valuing a compensation claim is a complicated process. So if you win your claim, the compensation you receive may vary.
|Injury Type||Degree Of Injury||About The Injury||Compensation|
|Psychiatric Damage||Severe||There are several factors which could affect the amount of damages you could receive for psychiatric damage. These include, the effect it has had on the claimants relationships. If they could still work or study. How successful treatment was and their prognosis.||£54,830 to £115,730|
|Moderately Severe||There are significant issues with the factors highlighted above. There is, however, a more optimistic outlook for making some degree of recovery. Most instances will be in the middle of the bracket.||£19,070 to £54,830|
|Moderate||Whilst similar problems could have been caused, by the time of any claim reaching trial, there will have been a good level of improvement.||£5,860 to £19,070|
|Less Severe||How much compensation is awarded takes account of the length of time any symptoms lasted for.||£1,540 to £5,860|
|PTSD||Severe||There will be permanent effects on the injured party. This could stop them from being able to work, to study or affect relationships.||£59,860 to £100,67|
|Moderately Severe||This is not as severe as the category above. This is because the person could have a better outlook for recovery if they get professional help.||£23,150 to £59,860|
|Moderate||The claimant should have almost recovered. If there are any continuing effects, these are not grossly disabling to the person.||£8,180 to £23,150|
|Less Severe||The person should have nearly recovered. This should have happened in around one or two years.||£3,950 to £8,180|
Please contact us today, and we can provide you with an estimate for your potential compensation payment.
If a company misused your data and this led to your personal information being breached you may be considering making a data breach claim for the harm this has caused. If your case has good grounds, we can provide you with a No Win No Fee data protection solicitor to manage your compensation claim.
This will require you to sign a Conditional Fee Agreement CFA. Within the CFA it will explain the terms and conditions of the service for which the solicitor will provide.
No Win No Fee generally means:
- No upfront payment needed to your solicitor
- If the case succeeds a legally capped percentage of your compensation will be taken as a success fee by the solicitor
- If the case does not succeed no success fee to pay.
To see if you can make a data breach claim, please contact us today:
- Call our advice line on 0800 073 8801
- Contact us via our website
- Or use the web chat function to ask an advisor a question online
Data Breach Claim Resources
You may find the following online resources helpful.
Your right to be informed if your data is being used – an ICO guide
A guide to purpose limitation, one of the key principles of the UK GDPR
A guide to data processors and controllers – an ICO guide
We appreciate you taking the time to read our online guide on what to do if a company misuses your data.