I Suffered A Psychological Injury After A Gordons Chemist Data Breach, What Are My Rights?
In this guide, we will explain what could happen if a Gordons Chemist data breach affected you. Having access to prescription drugs can be an essential part of the treatment cycle. Luckily, we have a great network of pharmacies in the UK, meaning we rarely have to wait for medication.
To help provide their service, pharmacies will often have to process personal information about you. Since the release of the General Data Protection Regulation (GDPR), they must try to ensure that personal information is kept from prying eyes.
The GDPR is a law that aims to give data subjects (those whose data is processed) more control over how their personal information is used. It was enacted into UK law under the Data Protection Act 2018.
In this guide, we’ll explore how a data breach could result in you suffering and, importantly, what evidence you’ll need to receive compensation for that suffering.
Our advisors at Accident Claims UK could help if you want to make a claim. To do so, they offer to review your claim and give free legal advice on what to do next. While you don’t have to start a claim with us, we could put you in touch with one of our data breach solicitors to help you if your case is suitable. They’ll work on a No Win No Fee basis if they take you on as a client.
You will find plenty of information within this guide such as data protection practices, how a data protection breach could harm you and the evidence you need to help prove your case. Therefore, please feel free to read on. Alternatively, if you are ready to start a claim right away, why not call our advisors on 0800 073 8801 to get the ball rolling?
Select A Section
- A Guide To Claiming For A Gordons Chemist Data Breach
- Personal Data A Pharmacy Could Hold About You
- What Is A Gordons Chemist Data Breach Claim?
- What Should A Chemist Or Pharmacy Do After A Data Breach?
- Examples Of Action Taken Against Pharmacies By The ICO
- What Are Your Rights Relating To The GDPR?
- Evidence To Support Data Breach Compensation Claims
- Calculate Compensation For A Gordons Chemist Data Breach
- Types Of Material And Non-Material Damages Awarded Under The GDPR
- No Win No Fee Personal Data Breach Claims Against Gordons Chemist
- Contact An Advisor
- Top Frequently Asked Questions About GDPR Breaches
- Related Guides
A Guide Claiming For A Gordons Chemist Data Breach
It is not necessarily a bad thing that a pharmacy retains information about you. In fact, it can speed up the process of dispensing your medication. However, some of your information could be sensitive and result in problems if it were to be leaked. Those problems can include distress, embarrassment, financial losses and anxiety.
Luckily, the GDPR (enacted into UK law via the Data Protection Act 2018) aims to reduce the risk of data breaches. This data protection legislation means that if a company (or data controller) wants to use your personal information, they must have a lawful reason.
There are many ways that this can be established; one of them is that the data controller should ask if you agree to your data being used before they use it. That is the reason you’ll see a lot of tick boxes on registration forms these days. However, data controllers don’t always need your consent to process your data.
In the UK, data protection is governed by the Information Commissioner’s Office (ICO). Where they are made aware of problems, they are able to:
- Initiate an investigation to find out what’s happened.
- Fine any company found to have broken the rules.
- Start enforcement action so that the company changes its procedures.
However, the ICO doesn’t help with compensation claims. Therefore, you will need to instigate your own legal action.
If you do decide to claim for your suffering, you will need to be aware of the time limits. In many cases, a 6-year limitation period applies from the date you obtained knowledge of the breach. It might be worth checking with our advisors on this, though, as claims relating to breaches of your human rights only have 1 year.
Personal Data A Pharmacy Could Hold About You
As we’ve suggested already, pharmacies need personal information to help them operate smoothly. For the length of time you remain with a particular pharmacist, the amount of data they hold on you might increase. To show what type of information they could retain, we have provided the list below. A pharmacy could hold:
- Your name, telephone number, address, email address or mobile number.
- Credentials to log in to an online pharmacy website.
- Your NHS number.
- Information about your medical history.
- Details of any disabilities you have.
- Debit or credit card information if you pay online.
- Details of your previous and repeat prescriptions.
This is all information that could be used to help to identify you. Therefore it would be covered by the GDPR. Moreover, this might not be all the information that they hold. Further data might be recorded too.
On top of their duty to try and keep this type of data safe, pharmacies cannot share it or sell it without your permission, except in certain lawful circumstances. For example, if your pharmacist sent your details to a clinical trial because they know you’re asthmatic, then unless you’d agree to data sharing previously, a data breach could have occurred.
What Is A Gordons Chemist Data Breach Claim?
A personal data breach, according to the ICO, is where a security incident means that your data ends up being lost, destroyed, accessed, disclosed or changed in an unauthorised or unlawful way. The GDPR documentation also explains that such breaches can be caused accidentally or deliberately. Additionally, if you suffer mental harm or financial loss because of a breach, you could claim.
Data breaches can be caused by cybercriminals. They employ all sorts of tactics to try and obtain personal data such as hacking, ransomware, firewall attacks and phishing emails. However, you shouldn’t think that’s the only way a breach could happen. As well as digital information, the GDPR is concerned with the security of physical documentation as well.
Here are a few ways a pharmacy data breach could take place:
- If your medical information is printed in the shop and left on a counter where others can read it.
- Where somebody else is given your prescription and it identifies who you are.
- If the pharmacy’s website is attacked and hackers gain access to your records.
- Where pharmacy staff look at your details without any legitimate reason to do so under law.
We’ll explain how you can find out if your data has been accessed later on. However, if you can prove that a Gordons Chemist data breach has led to your suffering, please call to enquire about claiming.
What Should A Chemist Or Pharmacy Do After A Data Breach?
As part of the GDPR implementation process, many companies now have data protection officers. Preparing an action plan about what to do in the event of a data protection problem is usually one of their roles. Should a data breach take place, or if one is suspected, the company should:
- Start an immediate investigation to learn what has happened. This should aim to find out when the breach took place, how it happened and what data was accessed.
- Inform the Information Commissioner’s Office about the breach within 72 hours if it’s notifiable.
- Let any data subjects know if they are at risk because of the breach without undue delay.
Later in this guide, we will discuss the evidence you could use to help your claim. Proof that could be used includes an email or letter confirming you have been put at risk by the breach. Remember though, on its own, a data breach does not give you grounds to be compensated. Claims are only possible if you can also show that the breach caused you to suffer psychologically, financially or both.
Examples Of Action Taken Against Pharmacies By The ICO
As we have explained, the ICO has the power to issue fines to organisations that cause data protection breaches. In one case, it issued a £275,000 fine to a pharmacy based in London called Doorstep Dispensaree.
The basis of the financial penalty was that the company stored around half a million records, relating to patients, in unsecured cabinets at the back of the pharmacy. The report shows that the company had breached a number of GDPR rules.
What Are Your Rights Relating To The GDPR?
The GDPR provides data subjects with a number of rights in relation to data processing. They are the right to:
- Be informed.
- Access your data.
- Have your data corrected.
- Ask for data to be deleted.
- Restrict data processing.
- Data portability.
- Object to your data being used.
You also have rights in relation to automated decision making and profiling. While these rights look quite straightforward, they are more complex than shown here. You can read your individual rights in full on the ICO’s website.
Evidence To Support Data Breach Compensation Claims
In all types of compensation claims, evidence is necessary to help prove what happened, how you suffered and who was to blame for that suffering. For data breach compensation claims, there are several things that could help prove your case. They are:
- A letter or email from the defendant to confirm a breach took place and that your data was involved.
- A report from the ICO that confirms they have identified the breach took place following an investigation.
- Financial records of loss (such as bank statements).
- Medical records that prove your mental health suffered because of the breach.
Calculate Compensation For A Gordons Chemist Data Breach
We would now like to look at how much compensation might be paid for the psychological suffering caused by a data protection breach. We have included a compensation calculator table but for a more personalised estimate, we’d advise you to call our team.
In an important case (Vidal-Hall and others v Google Inc ), the Court of Appeal held two important decisions. They were that:
- If you have suffered psychological injuries because of a data protection breach, then compensation should be considered regardless of whether you’ve also sustained financial loss.
- Where compensation is paid, it should be awarded at the same level as in personal injury cases.
Before this case, you could only claim compensation for mental suffering if you’d also suffered financially.
The compensation table below is populated with recommended amounts from the Judicial College Guidelines. This publication is used in personal injury law by solicitors who’re valuing injuries.
|Injury||Severity||Settlement Bracket||Further Guidance|
|Psychiatric Injury||Severe||£51,460 to £108,620||Serious problems will result meaning the victim will struggle with relationships and coping with life. They will be given a very poor prognosis, will be vulnerable and treatment is not likely to help.|
|Moderately Severe||£17,900 to £51,460||The issues seen will be similar to those listed above, but there will be a more optimistic prognosis.|
|Moderate||£5,500 to £17,900||In this case, while symptoms will not be too dissimilar to those shown above, a good prognosis will be offered due to many marked improvements.|
|Less Severe||Up to £5,500||Factors involved in valuing include how long the period of disability was, and how much everyday activities and sleep were impacted.|
|PTSD||Severe||£56,180 to £94,470||The claimant will suffer in all aspects of their life because of permanent symptoms. There will be no chance of returning to pre-trauma levels of functioning or work.|
|Moderately Severe||£21,730 to £56,180||In this category, suffering will be similar to above but a better prognosis will be given. This will be due to the fact that specialised treatment is more likely to help.|
|Moderate||£7,680 to £21,730||Mostly recovered and any ongoing effects won't be very disabling.
|Less Severe||Up to £7,680||Almost complete recovery within 1 to 2 years and only minor symptoms will continue if at all.|
Because you need to prove the extent of your condition, you will need a medical assessment during your claim. The assessment can also be used to prove that your condition was caused or worsened by the data breach. If it comes to light that the data breach didn’t affect your mental health, you may not be able to claim for psychological injuries.
If you work with us, our solicitors are usually able to arrange these assessments locally. The meeting would be conducted by a specialist medical expert. Their job is to try and ascertain how you have suffered and to provide a prognosis for the future too.
They will attempt to do this by looking at medical records and discussing your case with you. Once they have completed the assessment, they will provide a report to your solicitor setting out their findings. Your solicitor can use this report to value your condition.
Types Of Material And Non-Material Damages Awarded Under The GDPR
When requesting compensation, you need to justify every penny and provide supporting evidence. Furthermore, because only one claim is possible, you may need to account for future suffering too.
The first element of your claim may be for material damages. This is compensation to cover any monetary loss that has resulted from the data breach. Firstly, you could look at the amount you have already lost. After that, it might be necessary to think about losses that could result in the future. For example, if your credit file has been damaged by identity theft, you might have to pay a higher price for mortgages, loans or credit cards for many years to come.
The second element is called non-material damages. This is compensation that’s used to cover your pain and suffering. Again, conditions that have already been diagnosed may be looked at first. These could include distress or anxiety. After reviewing the medical report we mentioned previously, you may find that you need to also claim for long-term suffering.
It is worth noting that claims are possible for either material damages, non-material damages or both at the same time.
As claims can become rather complex, our advice is that you should think about taking on a data breach solicitor to help you. If your claim is accepted by one of our specialists, they will conduct a thorough investigation so that they understand the full impact of the data breach before they submit your case. Also, we believe that having legal representation provides you with the best chance of receiving a fair amount of compensation.
No Win No Fee Personal Data Breach Claims Against Gordons Chemist
The thought of losing money because you’ve paid for a solicitor’s work, but your claim is unsuccessful, is enough to put you off from starting. Don’t fret though, as we have a team of data breach solicitors who’ll work on a No Win No Fee basis if your claim is taken on. As a result, you could benefit from the experience of one of our specialists.
Not all claims are suitable. Therefore, a solicitor will need to check over your case at the start of the claims process. If they do agree to take you on, they’ll give you a Conditional Fee Agreement (CFA). (This is a formal term for a No Win No Fee agreement.) The CFA sets out the conditions that must be met before your solicitor will be paid. Additionally, it shows you that:
- Advance payments to your solicitor for their work are not needed.
- You won’t be asked to pay any solicitor’s fees while your case is worked on.
- Should the claim fail, you are not liable to pay any of your solicitor’s fees.
There is only only one scenario where you’ll need to pay your solicitor their fee under a No Win No Fee agreement. That’s if they win compensation for you. If that happens, you would pay a success fee to cover their work. This is a small percentage of your compensation that’s deducted before it is transferred to you. So that you know about the fee before you sign up, the percentage is listed in the CFA. Furthermore, success fees are legally capped to help prevent overcharging.
Contact An Advisor
We do hope that you’ve found the guidance in this article about the potential consequences of a Gordons Chemist data breach helpful. If you can prove you have a justifiable claim, you can contact our team by:
- Calling our free legal advice line on 0800 073 8801 to discuss your case with a specialist.
- Using our online claim form so that we can call you back at a convenient time.
- Emailing us with information about why you’d like to claim to firstname.lastname@example.org.
- Using our online chat service to discuss your case with a specialist advisor.
We don’t want to waste your time when you call. Therefore, following your free case review, we’ll always offer honest advice about the chances of you receiving compensation. That said, where your case appears viable, we could pass it on to one of our data breach lawyers. Should they agree to work for you, their services will be provided on a No Win No Fee basis.
Top Frequently Asked Questions About GDPR Breaches
In this section, we have attempted to answer some questions that are often asked about the GDPR. If you want to know anything further, please don’t hesitate to contact us.
What is the GDPR?
The GDPR is legislation that has been introduced to try and protect personal data. It is very strict and offers individuals more control over when and how their data is used. This can include a right to restrict the use of personal information.
What fine could the ICO issue for data breaches?
The UK regulator, the Information Commissioner’s Office, has powers to issue fines worth millions. In some cases, they may issue an enforcement notice before handing out financial penalties.
Who does the GDPR apply to?
The GDPR applies to most organisations operating inside of the EU and (through the Data Protection Act 2018) in the UK. Essentially, if your organisation processes personal data, then you should adhere to the rules of the GDPR.
We have reached the last part of this guide about what could happen following a Gordons Chemist data breach. Therefore, we are going to provide some additional support by way of some resources. If you need any further advice from our team, please get in touch.
72 Hours To Report A Data Breach: Information from the ICO on what data controllers need to report within 72 hours of a notifiable data breach.
General Pharmaceutical Council: The regulatory body responsible for pharmacists, pharmacies and pharmacy technicians.
Personal Data Breaches: This is an ICO webpage where you can let them know about suspected data breaches.
Finally, we have included a few more of our data breach articles below.
Claiming For Distress: Reviews your eligibility to claim for the distress caused by a data breach.
GP Surgery Breaches: Advice on your options if your data has been exposed by a breach at your GP surgery.
Private Healthcare Breaches: Information on the claims process relating to private healthcare providers.
Thank you for reading our guide on the justifications and evidence you might need to make a claim after a Gordons Chemist data breach.
Guide by BH
Edited by RV