Advice On Whether You Can Claim Compensation If An Organisation Has Misused Your Data

Has an organisation used your data not for its intended purpose, and you are wondering, “Can I claim compensation if an organisation has misused my data?” A misuse of data can be the basis of a data breach compensation claim, but not always. We start the guide by defining important terms and laws before explaining the criteria you must meet to start legal action. As the guide progresses, you can see examples of data misuse and identify which cases can lead to a claim.

We also guide you through evidence that can prove a personal data breach occurred and caused you harm, before discussing the two types of damage that a successful claim payout can compensate you for.

The guide concludes by explaining how our expert data breach solicitors could help you claim substantial compensation on a No Win No Fee basis if you have a valid case.

If you have any data breach claim questions, just give us a call or reach out online. Our advisors offer free and useful advice with no obligation to progress with a claim, so reach us any time or day by:

  • Calling 0800 073 8801.
  • Going online to contact us and share details.
  • Use the live chat option that pops up on this page.

A light blue circle on a dark blue background. Inside the circle are the words 'data breach'

Select A Section

  1. Can I Claim Compensation If An Organisation Has Misused My Data?
  2. How Can An Organisation Misusing My Data Lead To A Data Breach?
  3. Evidence That Can Prove A Data Breach Claim
  4. What Compensation Could You Claim For A Data Breach?
  5. Make a No Win No Fee Data Breach Claim Against An Organisation That Misused Data
  6. Find Out More If You Can Claim Compensation If An Organisation Has Misused Your Data

Can I Claim Compensation If An Organisation Has Misused My Data?

Any organisation that processes your personal data has a legal obligation to keep it safe. Personal data, according to the UK General Data Protection Regulation (UK GDPR), is information that can be used either directly or indirectly to identify you. For example, your name and address are types of personal data.

An organisation that decides how and why your personal data is used is a data controller. They may process data alone, or with the aid of a third party, referred to as a data processor. Both controllers and processors must follow the UK GDPR and the Data Protection Act 2018 (DPA).

Article 5 of the UK GDPR lays out the key data protection principles, which include the need for organisations to process data lawfully, fairly and transparently. It is when these principles are not being followed that your data may be misused. 

These principles need to be followed when your data is being processed:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

However, just because these principles are not being followed does not mean a data breach has occurred. 

The Information Commissioner’s Office (ICO), an organisation that protects UK citizens’ data rights and freedoms, explains that a personal data breach is a security breach leading to personal information being either accidentally or unlawfully:

  • Destroyed.
  • Lost.
  • Altered.
  • Disclosed to, or accessed by an unauthorised party.

Under Article 82 of the UK GDPR, you have the right to make a data protection compensation claim if you are affected by a breach of data protection legislation.

When you consider whether you can claim data breach compensation if an organisation has misused your data, make sure your case meets these criteria:

  • A data controller or processor did not follow data protection law.
  • This caused a personal data breach, or allowed one to happen.
  • As a result, you suffered financial harm, psychological injury, or both.

Proving all of the above could lead to you being awarded data protection breach compensation if you successfully sue a company or other organisation. Just give us a call on the number above if you want to learn how our solicitors could help you through the process.

How Long Do I Have To Make A Data Breach Claim?

If you want to make a data breach claim, you must ensure it is submitted within the correct time frame. The general time limit is six years from when the incident occurred. However, it is one year if the claim is against a public body or if a breach of human rights is involved.

To give yourself as much time as possible to get started, please don’t hesitate to get in touch about your potential data breach claim today. Our advisors can help you learn how long you have to start your case.

How Can An Organisation Misusing My Data Lead To A Data Breach?

Data protection laws are in place to protect your data from being used incorrectly. Any organisation that misuses an individual’s personal information could be fined by the ICO. 

The following are examples of a misuse of data:

  • A private healthcare provider keeps hold of data for longer than is required. 
  • A business continues sending marketing emails to a customer who has exercised their right to opt out of receiving them.
  • A recruitment agency uses contact details and personal information to market its other services to users without permission, thus using the data for something other than its originally intended purpose.
  • A company sells customers’ details to a third party.

While all of the above may be considered a misuse of data, alone they aren’t valid data breach claims. You can claim compensation only when you can prove that a data controller or processor failed to adhere to data protection laws, which led to your personal information being involved in a breach that led to you suffering harm. 

If you’re unsure whether you can claim compensation if an organisation has misused your data, just call today, and our advisors can help clear things up for you.

A letter being put into a red letterbox. Post being sent to the wrong address could be an example of a data protection breach.

Evidence That Can Prove A Data Breach Claim

Your data protection compensation claim requires valid evidence to show that an organisation misused your data in a way that led to a data breach. Proof you could present in a case includes:

  • A notification letter or email from the organisation that experienced the data breach. They are expected to make affected individuals aware without delay if a high risk data breach occurs. This communication should explain what the breach was, how it happened, and the steps they are taking to counter it.
  • Any proof you have, for example, of a letter being sent to the wrong address, the letter could be submitted as evidence.
  • Your correspondence with the organisation. You could contact them directly if you believe data has been breached but there has been no notification.

If the organisation fails to give a satisfactory answer, you could also complain to the ICO within three months of your last contact so they can investigate. If you report concerns to the ICO and they investigate, their findings could contribute to your evidence.

You should also provide documents that highlight how you were impacted. For example, you could ask a psychiatrist to share a copy of their report for use as medical evidence, or collect bank statements to track financial loss.

What Compensation Could You Claim For A Data Breach?

Data breach compensation addresses either one or two types of damage.

Non-material damage covers emotional distress you went through as a direct result of the data breach. Having your personal data compromised can have a significant impact on mental health, leading to conditions including anxiety, stress or Post-Traumatic Stress Disorder.

Those calculating compensation might look at the Judicial College Guidelines (JCG.) This document contains numerous guideline brackets for mental injury compensation. We have used the JCG to compile the table you see below.

Compensation Table

This table features guideline compensation figures from the JCG. Only the top line is not taken from this document. However, it should only be used as a guide.

Very Severe Mental Injuries Plus Financial LossesVery SevereUp to £500,000+Serious mental injury, in addition to financial harm, such as the cost of moving house due to a data breach.
Psychiatric Damage In GeneralSevere£54,830 to £115,730Factors taken into consideration include the prognosis and ability to cope with life, work and education. In severe cases, the prognosis is very poor and there are marked issues dealing with everyday life.
Moderately Severe£19,070 to £54,830The prognosis is more optimistic than it is for someone with severe psychiatric damage. However, there are still significant issues dealing with life and relationships.
Moderate£5,860 to £19,070While there are some issues, the affected person has recovered to a marked degree and has a good prognosis.
PTSDSevere£59,860 to £100,670PTSD has a permanent effect on all parts of the injured person's life. They cannot work at all, or at least to pre-trauma levels.
Moderately Severe£23,150 to £59,860The effects are considered seriously disabling. However, the injured person has a positive prognosis in comparison to severe cases.
Moderate£8,180 to £23,150Ongoing effects are not grossly disabling and the impacted person can largely recover.

What Is Material Damage?

You may want to seek compensation for how a data breach has affected you financially. Material damage refers to financial losses that a personal data breach inflicts.

For example, a data breach could cause someone to pay for enhanced online security or move home. Alternatively, a malicious actor could have used credit card details to commit identity fraud and take out loans in the affected person’s name. Compensation for material damage aims to address these losses.

Data breach compensation claims can be for material or non-material damage alone, or for both. If you’d like to discuss payouts in more detail and get insight into how much compensation you might be able to claim, just call us today.

Make a No Win No Fee Data Breach Claim Against An Organisation That Misused Data

If you have a valid data breach claim after an organisation misused your data, you may want the services of an expert data breach solicitor to pursue a compensation claim. 

All our data breach solicitors work under No Win No Fee terms for every claim they take on. If one of our solicitors agrees to take on your case, they will do so under a Conditional Fee Agreement CFA. It guarantees that you do not pay solicitor fees before or during the claim. And should the case fail, you will not pay for the solicitor’s work at all.

If your claim is successful, the solicitor collects a success fee. This is a small percentage of the compensation you receive, with The Conditional Fee Agreements Order 2013 guaranteeing that the majority goes to you.

A solicitor in a white shirt sitting at a desk. A solicitor could help you claim compensation if an organisation misused your data.

Contact Us

You can get started by asking us whether you can claim compensation if an organisation has misused your data. Our advisors can answer questions about data breach cases, give further guidance and assess your possible claim.

So if you have seen your data breached and want compensation for how it has affected you, all you need to do to learn more is either:

  • Call 0800 073 8801 and ask about data protection claims. 
  • Use our online form to contact us and share details about your case.
  • Open the live chat tab and send a message.

Find Out More If You Can Claim Compensation If An Organisation Has Misused Your Data

Here are some more data breach claim guides from us:

Some further useful information can be found here:

We hope our guide has helped answer the question, ‘Can I claim compensation if an organisation has misused my data?’

Please call today if there’s anything further we can do to help.