I Suffered A Psychological Injury After A Personal Data Breach, What Are My Rights?

By Max Murdoch. Last Updated 1st June 2022. If you have read about a data breach recently, chances are it involved either human error or cybercriminals who were trying to extort money from somebody. If you’re wondering ‘what are my rights after a data breach?’ this guide could help.

Victims of data breaches could be entitled to claim back any money they have lost as a result. But did you know that you could also claim for suffering caused by psychological injuries too? For example, if a personal data breach causes you to suffer from anxiety, distress, depression or even Post-Traumatic Stress Disorder, then you could be entitled to claim compensation. Since the introduction of the GDPR (the General Data Protection Regulation), data safety laws have been strengthened. Therefore, we’ll look at how suffering could result from a breach of the GDPR and when you might be entitled to claim compensation for it.

Data breach psychological injury claims what are my rights after a data breach

Data breach psychological injury claims

At Accident Claims UK, we have a team of specialist advisors who can help with the claims process. They offer to review any claim without any obligation for you to proceed and will also give free legal advice on your options. If you do wish to proceed, and a data breach solicitor from our team accepts your case, then you could benefit from our No Win No Fee service.

To discuss your claim with our team, please get in touch by calling 0800 073 8801 today. You will have the opportunity to ask as many questions as you need during your free consultation. If you would like more information about how a data breach lawyer could support your claim, please read on.

Select A Section

A Guide To Personal Data Breach Claims

If you are asking ‘what are my rights after a data breach?’ it may be because you’ve fallen victim to one. If your personal data is obtained by somebody else, it could cause all sorts of problems. For example, you could suffer from embarrassment if colleagues saw your work disciplinary record or you might be held to ransom by criminals who’d obtained sensitive information about you.

Luckily, steps to tighten data security have been taken by introducing laws like the GDPR and The Data Protection Act 2018. Together, the new legislation gives you (the data subject) extra control over how your personal information is used. When an organisation (the data controller) wants to use your details, they now need a lawful basis. In some circumstances, that means they need to tell you why they want to use it and request your permission too.

Where data security laws aren’t adhered to, in certain instances, the Information Commissioner’s Office (ICO) is able to investigate. As the data protection watchdog, the ICO can take enforcement action to change the way companies work with personal data.

Additionally, they are able to fine companies that are found guilty of breaking the law. However, they can’t award compensation to the victims of data breaches. For that reason, we have written this guide about how to claim for a personal data breach yourself.

What are my rights after a data breach? How this guide could help

In many instances, time limits for data breach claims are 6 years. However, you could verify whether that’s the case for you by asking an advisor. That’s because some claims have a 1-year time limit if they involve public bodies, such as an NHS data breach, a social services data breach, or similar.

As we progress, we’ll consider what types of data breaches can occur. Importantly, though, we should point out that the GDPR covers both digital data as well as physical documentation. That means data breaches don’t always need to involve computer systems.

What Personal Data Could An Organisation Hold About Me?

It’s important to realise that organisations may store and process lots of information about you. If any data that could help to identify you is leaked during a GDPR data breach, you could claim for any suffering. The types of information a data controller might hold about you includes:

  • Personal health information (PHI).
  • Medical records.
  • Social services records.
  • Financial transaction history.
  • Sensitive, protected or confidential information.
  • Employment or education records.
  • Your name.
  • Home address.
  • Date of birth.
  • Password used to access websites, apps or online services.
  • Email address.
  • Telephone numbers.
  • Bank account numbers and sort codes.
  • Credit card details.

This is by no way a full list of the information you may supply to different organisations. However, imagine the harm that could be caused if some of the details listed got into the wrong hands.

If you believe your personal data has been exposed by a personal data breach, and it has caused you to suffer, why not call to find out if a data breach solicitor from our team could help you claim?

What Is A Personal Data Breach Claim?

There are many different types of data breaches that could result in a compensation claim. Let’s first look at what a data breach actually is. The GDPR defines it as when some type of security problem means personal information that could identify a data subject is altered, disclosed, destroyed, accessed or altered in an unauthorised manner.

Importantly, you could raise a claim against the defendant for a data breach that has harmed you. This could include accidental breaches as well as deliberate breaches. However, you must prove wrongdoing on the organisation’s part exposed your data.

The GDPR is concerned with all forms of personal data including digital data and also physical documentation. Therefore, breaches containing either could result in a claim. For example, if your GP surgery sends you a letter containing details of your medical conditions and appointments but posts it to the wrong address, a breach would have taken place.

Similarly, if your personal records are accessed or downloaded by criminals following a cyber attack on your bank that could have been prevented, a breach could also have happened. In either case, you may be entitled to sue the responsible party if the breach resulted in you suffering.

If you would like us to take a look at your case to see if you have grounds for a claim, please get in touch today. Our advisors will assess your case and provide free legal advice whether you decide to claim or not.

How Should A Company React If They Have Had A Data Breach?

If a company becomes aware of a personal data breach, there are certain things that they could do. They include:

  • Beginning an investigation into what has happened.
  • Reporting the breach to the ICO (if it’s notifiable).
  • Letting any data subject who might be at risk know about the breach.

If you are contacted because a data breach has occurred, you should receive an explanation of how the breach took place, when it happened and what information may have been exploited.

As we will show later on, the letter or email that you receive could be important evidence that could help your claim. Please bear in mind, though, that just because the data breach happened, doesn’t automatically mean you’ll be compensated. You will need to provide further evidence that proves it resulted in some form of harm.

What are my rights after a data breach – getting help

Our team will happily review your case for you. Without obligation, they’ll look at the merits of your case, provide free legal advice and could pass your case to one of our data breach solicitors.

Examples Of Action Taken By The ICO

As we’ve explained already, the ICO can issue large financial penalties (if appropriate) to an organisation found guilty of breaking data breach law. Here are some recent examples from the ICO’s register of action:

As you can see, the ICO does flex its muscles when certain breaches are identified. In fact, they can issue fines of up to £17.5 million or 4% of a company’s annual turnover.

Data Breach Statistics 

Data breach statistics for UK sectors can be found on the ICO website. These are updated quarterly, with information about the causes of data breaches, and the numbers per sector of data breach incidents reported to the ICO.

If you were wondering which sector had the most data breach reports, in Q2 2021- 22, this was the healthcare sector. It was followed by education, finance, credit and insurance, and then Local Government. You can see how this breaks down below.

what are my rights after a data breach statistics graph

One surprising statistic relating to the causes of data breaches is that the top reason for data breaches is email being directed to the wrong recipient. There are a number of ways in which this could happen. Autofill could be one reason. If someone doesn’t check what the computer has automatically filled in, they could misdirect an email. Alternatively, it could be down to human error due to making typing mistakes. Either way sending data to a wrong recipient could expose your data. There are other breaches that could relate to emails too. For example, if someone fails to blind copy recipients into an email, they could breach people’s email addresses to each other. As well as this, the failure to redact personal information before sending emails to a third party could also lead to your data being exposed.

When Could You Involve The ICO Following A GDPR Data Breach?

As well as a letter or email proving a GDPR data breach took place, an ICO report could also help to prove what happened. However, before you request intervention by the ICO, you will need to follow the correct process.

The first step of the process is to contact the company you blame for the data breach. For example, if you suffer a price comparison website data breach, you’ll need to find contact details for them. You will need to file a formal complaint with them and await a response. If you do not agree with the findings, you should escalate the complaint further where possible. If you still don’t receive a response that you are happy with, it may be time to contact the ICO.

They say that you can get in touch within 3 months of the final communication with the defendant. After that, they could investigate the matter. The report that follows should identify if a GDPR data breach took place and any action taken. That could include financial penalties or enforcement action against the company in question.

What Are My Rights After A Data Breach For Claiming Compensation?

However, the ICO can’t force a company to compensate you if the breach has caused problems for you. That’s why you will need to begin your own legal action.

We are here to support you if you decide to begin a claim. Our data breach lawyers offer a No Win No Fee service for all accepted claims to make the process less risky for you.

What Evidence Do I Need To Make A Personal Data Breach Claim?

As with other types of compensation claims, you can’t just state an amount that you’d be happy to accept. Instead, you need to provide evidence to prove what happened and how it has affected you. In data breach claims, this could include:

  • A letter or email from the defendant confirming that a breach took place.
  • An ICO investigation report confirming the breach happened.
  • Medical evidence to show what injuries resulted from the personal data breach.
  • Financial records that demonstrate the costs, losses and expenses incurred because of the breach.

To discuss what evidence could help progress your claim, please call our team of specialists today. If you already have any of the above, please have it to hand to help with your free case review.

Personal Data Breach Compensation Calculator for 2022

As part of the data breach claims process, you could potentially receive compensation for psychological injuries caused by a personal data breach if you’re able to prove that the breach was caused by the wrongful action or inaction of a data handler or processor. Psychological injuries can include anxiety, depression, or PTSD.

The outcome of two legal cases have changed the claims process regarding data breach compensation. In the ruling of Vidal-Hall and others v Google Inc [2015], the Court of Appeal stated that claimants could now seek compensation for psychological damage caused from a data breach without having to suffer financial harm.

Another case (Gulati & Ors v MGN Ltd [2015]) ruled that potential compensation for psychological damage from data breaches will be calculated using the same parameters found in personal injury law.

With these two rulings in mind, we use information from the Judicial College Guidelines (JCG) to give you a better idea of what compensation you could receive in non-material damages. Please see the most recent figures from their guidelines below. These figures have been taken from their April 2022 publication.

Claim TypeSeverityCompensation Bracket
PTSDSevere£59,860 to £100,670
PTSDModerately Severe£23,150 to £59,860
PTSDModerate£8,180 to £23,150
PTSDLess Severe£3,950 to £8,180
Psychiatric DamageSevere£54,830 to £115,730
Psychiatric DamageModerately Severe£19,070 to £54,830
Psychiatric DamageModerate£5,860 to £19,070
Psychiatric DamageLess Severe£1,540 to £5,860

As part of the claims process, an independent assessment of your injuries may be performed by a medical professional. This can help determine to what degree the data breach has negatively impacted you. A solicitor from our panel can help organise this for you in as convenient a place and time as possible.

While you may be wanting to use a data breach compensation calculator to see what you could receive, these can be unreliable as some are unable to accommodate for all the factors that could determine your compensation. Our advisors can give you a compensation estimate in just one phone call. You can contact them using the details above.

Types Of Material And Non-Material Damages You Could Claim

Claims for suffering caused by data breaches are generally split into two parts. You may claim one or both damages.

The first is called material damages. This is the part that deals with expenses, costs and monetary losses caused by the data breach. As well as thinking about the money you have already lost, your claim might need to factor in future losses too. For example, you could continue to sustain losses if your banking details are being circulated on the dark web by criminals.

The second part of a claim is called non-material damages. This is used to cover the psychological injuries we introduced at the start of this guide. Your claim will usually focus on diagnosed conditions first. These could include anxiety, PTSD, depression and distress. After that, you may need to claim for any future suffering identified in your medical assessment. For example, your prognosis might suggest that PTSD is likely to prevent your return to work for some time.

As you can see, the complexity of data breach claims can vary from case to case. The more complex claims can include those where future suffering might occur. Our advice is that a specialist data breach solicitor could help improve the chance that you’ll receive the correct level of compensation. That’s because, using their experience, they will try to ensure all aspects of your suffering are fully understood before filing your claim.

If you would like us to check if your claim could be taken on by one of our solicitors, please call today.

No Win No Fee Personal Data Breach Claims

If you decide to work with Accident Claims UK, we could appoint one of our data breach solicitors to your case. If accepted, you could benefit from a No Win No Fee service. That means you’ll reduce your financial risks but benefit from experienced legal representation.

Not all claims are suitable for this service, however. Therefore, your case will need to be assessed by a solicitor before it is taken on. If they agree that your case is suitable to proceed, you’ll be given a Conditional Fee Agreement (CFA). This is your contract and it explains what the solicitor will have to achieve before you pay them. Also, the CFA will demonstrate that:

  • No money needs to be spent on upfront solicitors’ fees.
  • Your solicitor won’t ask you to pay their fee while they process your claim.
  • If the claim does not work out in your favour, you won’t have to pay the solicitor’s fee at all.

If your case is won, your solicitor will be paid a success fee to cover the cost of their work. This is a fixed percentage that is deducted from your compensation. So that you’re aware of how much will be retained, the success fee is listed in the CFA. Also, it is important to point out that these fees are legally capped.

Would you like us to check if you could claim on a No Win No Fee basis? If so, please call our team when you’re ready to begin.

Contact An Advisor To Ask ‘What Are My Rights After A Data Breach?’

If you have read this guide on personal data breach claims and would now like to discuss your case with us, there are various ways to do so. You can:

When you contact our team, you’ll be offered a free telephone assessment of your case. You will also be given advice on what options are available. You don’t have to proceed to make a claim but, if it is strong enough, the advisor could refer you to one of our data breach lawyers. If they accept your case, they’ll manage it on a No Win No Fee basis.

What Are My Rights After A Data Breach – GDPR Data Breach Claim FAQs

We have almost reached the end of this guide about GDPR data breach claims. Therefore, in this section, we have taken the opportunity to answer some common questions. If you need to know anything further, please speak to a member of our friendly team today.

What are GDPR breach claims?

GDPR data breach claims aim to achieve compensation for a data subject who has been harmed by a breach. The type of harm that you could claim includes monetary losses as well as suffering caused by psychological injuries.

What are my rights after a data breach – can you sue for a breach of the GDPR?

On its own, a GDPR data breach won’t entitle you to claim compensation. It is only possible to lodge a claim if you have been harmed in some way. You would need to supply evidence, such as medical records, to prove how you have suffered.

Are there different types of data breaches?

There are many different types of data breaches. They can result from accidental, deliberate or illegal acts. However, whatever type of breach occurs, you could be entitled to seek compensation if it has caused you to suffer in some way.

What Are Mr Rights After A Data Breach – Related Guides

Thank you for reading this guide about how data breach lawyers can help following a personal data breach. In our final section, we have added some additional guides that might be useful. If you require any additional information, please feel free to contact us.

Meet The Information Commissioner: Details about the current Information Commissioner and the role they play in data protection.

PTSD Treatment: NHS advice on how Post-Traumatic Stress Disorder can be treated.

Different Types Of Anxiety: This article provides advice on 25 different types of anxiety.

Finally, please find a few more of our own guides below:

Claiming For Medical Negligence: This article explains when you could be entitled to make a claim if injured because of clinical negligence.

Workplace Minor Injuries: Details about when you could be eligible for compensation after suffering a minor injury at work.

Uninsured Driver Claims: An article that explains how you could receive compensation if injured by a driver with no insurance policy.

We hope we have answered the question ‘what are my rights after a data breach?’ effectively.