I Suffered A Psychological Injury After A Personal Data Breach, What Are My Rights?

If you have read about a data breach recently, chances are it involved cybercriminals who were trying to extort money from somebody. Victims of data breaches could be entitled to claim back any money they have lost as a result. But did you know that you could also claim for suffering caused by psychological injuries too? For example, if a personal data breach causes you to suffer from anxiety, distress, depression or even Post-Traumatic Stress Disorder, then you could be entitled to claim compensation. Since the introduction of the GDPR (the General Data Protection Regulation), data safety laws have been strengthened. Therefore, we’ll look at how suffering could result from a breach of the GDPR and when you might be entitled to claim compensation for it.

Data breach psychological injury claims

Data breach psychological injury claims

At Accident Claims UK, we have a team of specialist advisors who can help with the claims process. They offer to review any claim without any obligation for you to proceed and will also give free legal advice on your options. If you do wish to proceed, and a data breach solicitor from our team accepts your case, then you could benefit from our No Win No Fee service.

To discuss your claim with our team, please get in touch by calling 0800 073 8801 today. You will have the opportunity to ask as many questions as you need during your free consultation. If you would like more information about how a data breach lawyer could support your claim, please read on.

Select A Section

A Guide To Personal Data Breach Claims

If your personal data is obtained by somebody else, it could cause all sorts of problems. For example, you could suffer from embarrassment if colleagues saw your work disciplinary record or you might be held to ransom by criminals who’d obtained sensitive information about you.

Luckily, steps to tighten data security have been taken by introducing laws like the GDPR and The Data Protection Act 2018. Together, the new legislation gives you (the data subject) extra control over how your personal information is used. When an organisation (the data controller) wants to use your details, they now need a lawful basis. In some circumstances, that means they need to tell you why they want to use it and request your permission too.

Where data security laws aren’t adhered to, in certain instances, the Information Commissioner’s Office (ICO) is able to investigate. As the data protection watchdog, the ICO can take enforcement action to change the way companies work with personal data.

Additionally, they are able to fine companies that are found guilty of breaking the law. However, they can’t award compensation to the victims of data breaches. For that reason, we have written this guide about how to claim for a personal data breach yourself.

In many instances, time limits for data breach claims are 6 years. However, you could verify whether that’s the case for you by asking an advisor. That’s because some claims have a 1-year time limit if they involve human rights breaches.

As we progress, we’ll consider what types of data breaches can occur. Importantly, though, we should point out that the GDPR covers both digital data as well as physical documentation. That means data breaches don’t always need to involve computer systems.

What Personal Data Could An Organisation Hold About Me?

It’s important to realise that organisations may store and process lots of information about you. If any data that could help to identify you is leaked during a GDPR data breach, you could claim for any suffering. The types of information a data controller might hold about you includes:

  • Personal health information (PHI).
  • Medical records.
  • Social services records.
  • Financial transaction history.
  • Sensitive, protected or confidential information.
  • Employment or education records.
  • Your name.
  • Home address.
  • Date of birth.
  • Password used to access websites, apps or online services.
  • Email address.
  • Telephone numbers.
  • Bank account numbers and sort codes.
  • Credit card details.

This is by no way a full list of the information you may supply to different organisations. However, imagine the harm that could be caused if some of the details listed got into the wrong hands.

If you believe your personal data has been exposed by a personal data breach, and it has caused you to suffer, why not call to find out if a data breach solicitor from our team could help you claim?

What Is A Personal Data Breach Claim?

There are many different types of data breaches that could result in a compensation claim. Let’s first look at what a data breach actually is. The GDPR defines it as when some type of security problem means personal information that could identify a data subject is altered, disclosed, destroyed, accessed or altered in an unauthorised manner.

Importantly, you could raise a claim against the defendant for a data breach that has harmed you. This could include accidental breaches as well as deliberate breaches.

The GDPR is concerned with all forms of personal data including digital data and also physical documentation. Therefore, breaches containing either could result in a claim. For example, if your GP surgery sends you a letter containing details of your medical conditions and appointments but posts it to the wrong address, a breach would have taken place.

Similarly, if your personal records are accessed or downloaded by criminals following a cyber attack on your bank that could have been prevented, a breach could also have happened. In either case, you may be entitled to sue the responsible party if the breach resulted in you suffering.

If you would like us to take a look at your case to see if you have grounds for a claim, please get in touch today. Our advisors will assess your case and provide free legal advice whether you decide to claim or not.

How Should A Company React If They Have Had A Data Breach?

If a company becomes aware of a personal data breach, there are certain things that they could do. They include:

  • Beginning an investigation into what has happened.
  • Reporting the breach to the ICO (if it’s notifiable).
  • Letting any data subject who might be at risk know about the breach.

If you are contacted because a data breach has occurred, you should receive an explanation of how the breach took place, when it happened and what information may have been exploited.

As we will show later on, the letter or email that you receive could be important evidence that could help your claim. Please bear in mind, though, that just because the data breach happened, doesn’t automatically mean you’ll be compensated. You will need to provide further evidence that proves it resulted in some form of harm.

Our team will happily review your case for you. Without obligation, they’ll look at the merits of your case, provide free legal advice and could pass your case to one of our data breach solicitors.

Examples Of Action Taken By The ICO

As we’ve explained already, the ICO can issue large financial penalties (if appropriate) to an organisation found guilty of breaking data breach law. Here are some recent examples from the ICO’s register of action:

As you can see, the ICO does flex its muscles when certain breaches are identified. In fact, they can issue fines of up to £17.5 million or 4% of a company’s annual turnover.

When Could You Involve The ICO Following A GDPR Data Breach?

As well as a letter or email proving a GDPR data breach took place, an ICO report could also help to prove what happened. However, before you request intervention by the ICO, you will need to follow the correct process.

The first step of the process is to contact the company you blame for the data breach. You will need to file a formal complaint with them and await a response. If you do not agree with the findings, you should escalate the complaint further where possible. If you still don’t receive a response that you are happy with, it may be time to contact the ICO.

They say that you can get in touch within 3 months of the final communication with the defendant. After that, they could investigate the matter. The report that follows should identify if a GDPR data breach took place and any action taken. That could include financial penalties or enforcement action against the company in question.

However, the ICO can’t force a company to compensate you if the breach has caused problems for you. That’s why you will need to begin your own legal action.

We are here to support you if you decide to begin a claim. Our data breach lawyers offer a No Win No Fee service for all accepted claims to make the process less risky for you.

What Evidence Do I Need To Make A Personal Data Breach Claim?

As with other types of compensation claims, you can’t just state an amount that you’d be happy to accept. Instead, you need to provide evidence to prove what happened and how it has affected you. In data breach claims, this could include:

  • A letter or email from the defendant confirming that a breach took place.
  • An ICO investigation report confirming the breach happened.
  • Medical evidence to show what injuries resulted from the personal data breach.
  • Financial records that demonstrate the costs, losses and expenses incurred because of the breach.

To discuss what evidence could help progress your claim, please call our team of specialists today. If you already have any of the above, please have it to hand to help with your free case review.

Personal Data Breach Compensation Calculator

It is now time to take a look at compensation amounts that could be paid for any psychological suffering that results from a personal data breach. In general, compensation could be based on the suffering caused by distress, anxiety or PTSD.

An important precedent was set by the Court of Appeal during the hearing of Vidal-Hall and others v Google Inc [2015]. In that case, the court found that:

  1. You are allowed to seek compensation for psychological injuries whether you lost money or not.
  2. If compensation is awarded, it can be valued at the same levels paid in personal injury claims.

Therefore, we have supplied data from the Judicial College Guidelines (JCG) in our table below. The JCG is used by legal professionals when setting compensation levels for injuries in personal injury cases.

Claim TypeSeverityCompensation BracketAdditional Comments
PTSDSevere£56,180 to £94,470
PTSDModerately Severe£21,730 to £56,180
PTSDModerate£7,680 to £21,730
PTSDLess SevereUp to £7,680
Psychiatric DamageAmounts are based on the following when considering psychiatric damage:
1) The claimant's ability to cope with life in general or work.
2) Any impact on personal or work relationships.
3) Whether treatment will improve things.
4) If the claimant will be vulnerable in the future.
5) Prognosis.
Psychiatric DamageSevere£51,460 to £108,620
Psychiatric DamageModerately Severe£17,900 to £51,460
Psychiatric DamageModerate£5,500 to £17,900
Psychiatric DamageLess SevereUp to £5,500

To help demonstrate the severity of your injuries, a medical assessment should be required for all claims. Our solicitors will always attempt to book these locally to avoid excessive travel.

The assessment would be carried out by an independent medical specialist. They’d use your medical notes and any answers you provide to form a prognosis. When the appointment has ended, they would file a report with your solicitor to explain their diagnosis and prognosis.

Types Of Material And Non-Material Damages You Could Claim

Claims for suffering caused by data breaches are generally split into two parts. You may claim one or both damages.

The first is called material damages. This is the part that deals with expenses, costs and monetary losses caused by the data breach. As well as thinking about the money you have already lost, your claim might need to factor in future losses too. For example, you could continue to sustain losses if your banking details are being circulated on the dark web by criminals.

The second part of a claim is called non-material damages. This is used to cover the psychological injuries we introduced at the start of this guide. Your claim will usually focus on diagnosed conditions first. These could include anxiety, PTSD, depression and distress. After that, you may need to claim for any future suffering identified in your medical assessment. For example, your prognosis might suggest that PTSD is likely to prevent your return to work for some time.

As you can see, the complexity of data breach claims can vary from case to case. The more complex claims can include those where future suffering might occur. Our advice is that a specialist data breach solicitor could help improve the chance that you’ll receive the correct level of compensation. That’s because, using their experience, they will try to ensure all aspects of your suffering are fully understood before filing your claim.

If you would like us to check if your claim could be taken on by one of our solicitors, please call today.

No Win No Fee Personal Data Breach Claims

If you decide to work with Accident Claims UK, we could appoint one of our data breach solicitors to your case. If accepted, you could benefit from a No Win No Fee service. That means you’ll reduce your financial risks but benefit from experienced legal representation.

Not all claims are suitable for this service, however. Therefore, your case will need to be assessed by a solicitor before it is taken on. If they agree that your case is suitable to proceed, you’ll be given a Conditional Fee Agreement (CFA). This is your contract and it explains what the solicitor will have to achieve before you pay them. Also, the CFA will demonstrate that:

  • No money needs to be spent on upfront solicitors’ fees.
  • Your solicitor won’t ask you to pay their fee while they process your claim.
  • If the claim does not work out in your favour, you won’t have to pay the solicitor’s fee at all.

If your case is won, your solicitor will be paid a success fee to cover the cost of their work. This is a fixed percentage that is deducted from your compensation. So that you’re aware of how much will be retained, the success fee is listed in the CFA. Also, it is important to point out that these fees are legally capped.

Would you like us to check if you could claim on a No Win No Fee basis? If so, please call our team when you’re ready to begin.

Contact An Advisor

If you have read this guide on personal data breach claims and would now like to discuss your case with us, there are various ways to do so. You can:

When you contact our team, you’ll be offered a free telephone assessment of your case. You will also be given advice on what options are available. You don’t have to proceed to make a claim but, if it is strong enough, the advisor could refer you to one of our data breach lawyers. If they accept your case, they’ll manage it on a No Win No Fee basis.

GDPR Data Breach Claim FAQs

We have almost reached the end of this guide about GDPR data breach claims. Therefore, in this section, we have taken the opportunity to answer some common questions. If you need to know anything further, please speak to a member of our friendly team today.

What are GDPR breach claims?

GDPR data breach claims aim to achieve compensation for a data subject who has been harmed by a breach. The type of harm that you could claim includes monetary losses as well as suffering caused by psychological injuries.

Can you sue for a breach of the GDPR?

On its own, a GDPR data breach won’t entitle you to claim compensation. It is only possible to lodge a claim if you have been harmed in some way. You would need to supply evidence, such as medical records, to prove how you have suffered.

Are there different types of data breaches?

There are many different types of data breaches. They can result from accidental, deliberate or illegal acts. However, whatever type of breach occurs, you could be entitled to seek compensation if it has caused you to suffer in some way.

Related Guides

Thank you for reading this guide about how data breach lawyers can help following a personal data breach. In our final section, we have added some additional guides that might be useful. If you require any additional information, please feel free to contact us.

Meet The Information Commissioner: Details about the current Information Commissioner and the role they play in data protection.

PTSD Treatment: NHS advice on how Post-Traumatic Stress Disorder can be treated.

Different Types Of Anxiety: This article provides advice on 25 different types of anxiety.

Finally, please find a few more of our own guides below:

Claiming For Medical Negligence: This article explains when you could be entitled to make a claim if injured because of clinical negligence.

Workplace Minor Injuries: Details about when you could be eligible for compensation after suffering a minor injury at work.

Uninsured Driver Claims: An article that explains how you could receive compensation if injured by a driver with no insurance policy.

Guide by BH

Edited by RV