If you have read about a data breach recently, chances are it involved cybercriminals who were trying to extort money from somebody. Victims of data breaches could be entitled to claim back any money they have lost as a result. But did you know that you could also claim for suffering caused by psychological injuries too? For example, if a personal data breach causes you to suffer from anxiety, distress, depression or even Post-Traumatic Stress Disorder, then you could be entitled to claim compensation. Since the introduction of the GDPR (the General Data Protection Regulation), data safety laws have been strengthened. Therefore, we’ll look at how suffering could result from a breach of the GDPR and when you might be entitled to claim compensation for it.
At Accident Claims UK, we have a team of specialist advisors who can help with the claims process. They offer to review any claim without any obligation for you to proceed and will also give free legal advice on your options. If you do wish to proceed, and a data breach solicitor from our team accepts your case, then you could benefit from our No Win No Fee service.
To discuss your claim with our team, please get in touch by calling 0800 073 8801 today. You will have the opportunity to ask as many questions as you need during your free consultation. If you would like more information about how a data breach lawyer could support your claim, please read on.
Select A Section
- A Guide To Personal Data Breach Claims
- What Personal Data Could An Organisation Hold About Me?
- What Is A Personal Data Breach Claim?
- How Should A Company React If They Have Had A Data Breach?
- Examples Of Action Taken By The ICO
- When Could You Involve The ICO Following A GDPR Data Breach?
- What Evidence Do I Need To Make A Personal Data Breach Claim?
- Personal Data Breach Compensation Calculator
- Types Of Material And Non-Material Damages You Could Claim
- No Win No Fee Personal Data Breach Claims
- Contact An Advisor
- GDPR Data Breach Claim FAQs
- Related Guides
A Guide To Personal Data Breach Claims
If your personal data is obtained by somebody else, it could cause all sorts of problems. For example, you could suffer from embarrassment if colleagues saw your work disciplinary record or you might be held to ransom by criminals who’d obtained sensitive information about you.
Luckily, steps to tighten data security have been taken by introducing laws like the GDPR and The Data Protection Act 2018. Together, the new legislation gives you (the data subject) extra control over how your personal information is used. When an organisation (the data controller) wants to use your details, they now need a lawful basis. In some circumstances, that means they need to tell you why they want to use it and request your permission too.
Where data security laws aren’t adhered to, in certain instances, the Information Commissioner’s Office (ICO) is able to investigate. As the data protection watchdog, the ICO can take enforcement action to change the way companies work with personal data.
Additionally, they are able to fine companies that are found guilty of breaking the law. However, they can’t award compensation to the victims of data breaches. For that reason, we have written this guide about how to claim for a personal data breach yourself.
In many instances, time limits for data breach claims are 6 years. However, you could verify whether that’s the case for you by asking an advisor. That’s because some claims have a 1-year time limit if they involve human rights breaches.
As we progress, we’ll consider what types of data breaches can occur. Importantly, though, we should point out that the GDPR covers both digital data as well as physical documentation. That means data breaches don’t always need to involve computer systems.
What Personal Data Could An Organisation Hold About Me?
It’s important to realise that organisations may store and process lots of information about you. If any data that could help to identify you is leaked during a GDPR data breach, you could claim for any suffering. The types of information a data controller might hold about you includes:
- Personal health information (PHI).
- Medical records.
- Social services records.
- Financial transaction history.
- Sensitive, protected or confidential information.
- Employment or education records.
- Your name.
- Home address.
- Date of birth.
- Password used to access websites, apps or online services.
- Email address.
- Telephone numbers.
- Bank account numbers and sort codes.
- Credit card details.
This is by no way a full list of the information you may supply to different organisations. However, imagine the harm that could be caused if some of the details listed got into the wrong hands.
What Is A Personal Data Breach Claim?
There are many different types of data breaches that could result in a compensation claim. Let’s first look at what a data breach actually is. The GDPR defines it as when some type of security problem means personal information that could identify a data subject is altered, disclosed, destroyed, accessed or altered in an unauthorised manner.
Importantly, you could raise a claim against the defendant for a data breach that has harmed you. This could include accidental breaches as well as deliberate breaches.
The GDPR is concerned with all forms of personal data including digital data and also physical documentation. Therefore, breaches containing either could result in a claim. For example, if your GP surgery sends you a letter containing details of your medical conditions and appointments but posts it to the wrong address, a breach would have taken place.
Similarly, if your personal records are accessed or downloaded by criminals following a cyber attack on your bank that could have been prevented, a breach could also have happened. In either case, you may be entitled to sue the responsible party if the breach resulted in you suffering.
If you would like us to take a look at your case to see if you have grounds for a claim, please get in touch today. Our advisors will assess your case and provide free legal advice whether you decide to claim or not.
How Should A Company React If They Have Had A Data Breach?
If a company becomes aware of a personal data breach, there are certain things that they could do. They include:
- Beginning an investigation into what has happened.
- Reporting the breach to the ICO (if it’s notifiable).
- Letting any data subject who might be at risk know about the breach.
If you are contacted because a data breach has occurred, you should receive an explanation of how the breach took place, when it happened and what information may have been exploited.
As we will show later on, the letter or email that you receive could be important evidence that could help your claim. Please bear in mind, though, that just because the data breach happened, doesn’t automatically mean you’ll be compensated. You will need to provide further evidence that proves it resulted in some form of harm.
Examples Of Action Taken By The ICO
As we’ve explained already, the ICO can issue large financial penalties (if appropriate) to an organisation found guilty of breaking data breach law. Here are some recent examples from the ICO’s register of action:
- Marriott International was fined £18.4 million for failing to secure customer data.
- Cathay Pacific fined £500,000 for failing to protect the security of customer information.
- EE Limited was fined £100,000 for sending over 2.5 million marketing messages without consent.
When Could You Involve The ICO Following A GDPR Data Breach?
As well as a letter or email proving a GDPR data breach took place, an ICO report could also help to prove what happened. However, before you request intervention by the ICO, you will need to follow the correct process.
The first step of the process is to contact the company you blame for the data breach. You will need to file a formal complaint with them and await a response. If you do not agree with the findings, you should escalate the complaint further where possible. If you still don’t receive a response that you are happy with, it may be time to contact the ICO.
They say that you can get in touch within 3 months of the final communication with the defendant. After that, they could investigate the matter. The report that follows should identify if a GDPR data breach took place and any action taken. That could include financial penalties or enforcement action against the company in question.
However, the ICO can’t force a company to compensate you if the breach has caused problems for you. That’s why you will need to begin your own legal action.
What Evidence Do I Need To Make A Personal Data Breach Claim?
As with other types of compensation claims, you can’t just state an amount that you’d be happy to accept. Instead, you need to provide evidence to prove what happened and how it has affected you. In data breach claims, this could include:
- A letter or email from the defendant confirming that a breach took place.
- An ICO investigation report confirming the breach happened.
- Medical evidence to show what injuries resulted from the personal data breach.
- Financial records that demonstrate the costs, losses and expenses incurred because of the breach.
Personal Data Breach Compensation Calculator
It is now time to take a look at compensation amounts that could be paid for any psychological suffering that results from a personal data breach. In general, compensation could be based on the suffering caused by distress, anxiety or PTSD.
An important precedent was set by the Court of Appeal during the hearing of Vidal-Hall and others v Google Inc . In that case, the court found that:
- You are allowed to seek compensation for psychological injuries whether you lost money or not.
- If compensation is awarded, it can be valued at the same levels paid in personal injury claims.
Therefore, we have supplied data from the Judicial College Guidelines (JCG) in our table below. The JCG is used by legal professionals when setting compensation levels for injuries in personal injury cases.
|Claim Type||Severity||Compensation Bracket||Additional Comments|
|PTSD||Severe||£56,180 to £94,470|
|PTSD||Moderately Severe||£21,730 to £56,180|
|PTSD||Moderate||£7,680 to £21,730|
|PTSD||Less Severe||Up to £7,680|
|Psychiatric Damage||Amounts are based on the following when considering psychiatric damage:
1) The claimant's ability to cope with life in general or work.
2) Any impact on personal or work relationships.
3) Whether treatment will improve things.
4) If the claimant will be vulnerable in the future.
|Psychiatric Damage||Severe||£51,460 to £108,620|
|Psychiatric Damage||Moderately Severe||£17,900 to £51,460|
|Psychiatric Damage||Moderate||£5,500 to £17,900|
|Psychiatric Damage||Less Severe||Up to £5,500|
To help demonstrate the severity of your injuries, a medical assessment should be required for all claims. Our solicitors will always attempt to book these locally to avoid excessive travel.
The assessment would be carried out by an independent medical specialist. They’d use your medical notes and any answers you provide to form a prognosis. When the appointment has ended, they would file a report with your solicitor to explain their diagnosis and prognosis.
Types Of Material And Non-Material Damages You Could Claim
Claims for suffering caused by data breaches are generally split into two parts. You may claim one or both damages.
The first is called material damages. This is the part that deals with expenses, costs and monetary losses caused by the data breach. As well as thinking about the money you have already lost, your claim might need to factor in future losses too. For example, you could continue to sustain losses if your banking details are being circulated on the dark web by criminals.
The second part of a claim is called non-material damages. This is used to cover the psychological injuries we introduced at the start of this guide. Your claim will usually focus on diagnosed conditions first. These could include anxiety, PTSD, depression and distress. After that, you may need to claim for any future suffering identified in your medical assessment. For example, your prognosis might suggest that PTSD is likely to prevent your return to work for some time.
As you can see, the complexity of data breach claims can vary from case to case. The more complex claims can include those where future suffering might occur. Our advice is that a specialist data breach solicitor could help improve the chance that you’ll receive the correct level of compensation. That’s because, using their experience, they will try to ensure all aspects of your suffering are fully understood before filing your claim.
No Win No Fee Personal Data Breach Claims
If you decide to work with Accident Claims UK, we could appoint one of our data breach solicitors to your case. If accepted, you could benefit from a No Win No Fee service. That means you’ll reduce your financial risks but benefit from experienced legal representation.
Not all claims are suitable for this service, however. Therefore, your case will need to be assessed by a solicitor before it is taken on. If they agree that your case is suitable to proceed, you’ll be given a Conditional Fee Agreement (CFA). This is your contract and it explains what the solicitor will have to achieve before you pay them. Also, the CFA will demonstrate that:
- No money needs to be spent on upfront solicitors’ fees.
- Your solicitor won’t ask you to pay their fee while they process your claim.
- If the claim does not work out in your favour, you won’t have to pay the solicitor’s fee at all.
If your case is won, your solicitor will be paid a success fee to cover the cost of their work. This is a fixed percentage that is deducted from your compensation. So that you’re aware of how much will be retained, the success fee is listed in the CFA. Also, it is important to point out that these fees are legally capped.
Contact An Advisor
If you have read this guide on personal data breach claims and would now like to discuss your case with us, there are various ways to do so. You can:
- Call us directly on 0800 073 8801 to start the ball rolling.
- Use our live chat service to discuss your case with an advisor.
- Request a call back from a specialist by completing this form.
- Email email@example.com to explain how you’ve been affected by a personal data breach.
When you contact our team, you’ll be offered a free telephone assessment of your case. You will also be given advice on what options are available. You don’t have to proceed to make a claim but, if it is strong enough, the advisor could refer you to one of our data breach lawyers. If they accept your case, they’ll manage it on a No Win No Fee basis.
GDPR Data Breach Claim FAQs
We have almost reached the end of this guide about GDPR data breach claims. Therefore, in this section, we have taken the opportunity to answer some common questions. If you need to know anything further, please speak to a member of our friendly team today.
What are GDPR breach claims?
GDPR data breach claims aim to achieve compensation for a data subject who has been harmed by a breach. The type of harm that you could claim includes monetary losses as well as suffering caused by psychological injuries.
Can you sue for a breach of the GDPR?
On its own, a GDPR data breach won’t entitle you to claim compensation. It is only possible to lodge a claim if you have been harmed in some way. You would need to supply evidence, such as medical records, to prove how you have suffered.
Are there different types of data breaches?
There are many different types of data breaches. They can result from accidental, deliberate or illegal acts. However, whatever type of breach occurs, you could be entitled to seek compensation if it has caused you to suffer in some way.
Thank you for reading this guide about how data breach lawyers can help following a personal data breach. In our final section, we have added some additional guides that might be useful. If you require any additional information, please feel free to contact us.
Meet The Information Commissioner: Details about the current Information Commissioner and the role they play in data protection.
PTSD Treatment: NHS advice on how Post-Traumatic Stress Disorder can be treated.
Different Types Of Anxiety: This article provides advice on 25 different types of anxiety.
Finally, please find a few more of our own guides below:
Claiming For Medical Negligence: This article explains when you could be entitled to make a claim if injured because of clinical negligence.
Workplace Minor Injuries: Details about when you could be eligible for compensation after suffering a minor injury at work.
Uninsured Driver Claims: An article that explains how you could receive compensation if injured by a driver with no insurance policy.
Guide by BH
Edited by RV