By Lewis Vernon. Last Updated 26th October 2022. In this guide, we will look at what a breach of the UK GDPR is and when compensation for distress could be awarded. You will learn what a GDPR data breach entails and how much you could get in the event of a successful claim. We also discuss the role of the Information Commissioners’ Office (ICO) and how you could benefit from working with a No Win No Fee solicitor.
Claiming Compensation For Distress After A GDPR Data Breach Guide
The UK General Data Protection Regulation (UK GDPR) and a version of the Data Protection Act 2018 that has been updated since the UK left the EU dictate how personal data should be protected in the EU. If these laws are broken, and you’re harmed by a personal data breach that happens as a result, then you could claim.
Before we begin this article, please make a note of how you can get in touch:
- Calling the above number
- Using the live chat feature on your page
- Heading to our contact page
Choose A Section
- Guidance On How To Claim Compensation For Distress After A GDPR Data Breach
- What Is A GDPR Data Breach?
- Examples Of GDPR Data Breaches
- UK GDPR Breach Compensation Claims – How Long Do I Have To Begin A Claim?
- How Much Could I Get When Claiming Compensation For Distress After A GDPR Data Breach?
- Should I Work With A No Win No Fee Solicitor?
- Further Information About Claiming GDPR Compensation For Distress
Guidance On How To Claim Compensation For Distress After A GDPR Data Breach
When claiming compensation for distress after a GDPR data breach, it is important to understand the UK GDPR and what it entails. It sets out some key principles that should be followed by any entity that is processing personal data.
They are as follows:
- Data must be used in a fair and transparent manner
- Data can only be used for specified, legitimate purposes and shouldn’t be processed further in a way that’s not compatible with these
- Only retain data that’s relevant for the purposes for which it was collected
- Keep information up-to-date
- Only keep data for as long as it needs to be kept for these purposes
- Have security measures in place to ensure data is safely processed and stored
In order to claim, you must be able to prove that you have been the victim of a data breach and that you suffered material and/or non-material damages as a result. If you are unsure about whether you have a valid claim, our team can offer free no-obligation advice.
What Is A GDPR Data Breach?
The Information Commissioner Officer (ICO) is the UK’s independent authority that upholds data protection and privacy for individuals and organisations. The ICO describes a data breach as a security incident where the integrity, availability or confidentiality of personal data is affected. Personal data is any information that can be used (alone or with other data) to identify a living natural person.
You could claim compensation if you have suffered psychological harm and/or financial damage as a result of a personal data breach. However, you must be able to prove that the failings of the party handling your data led to the data breach occurring. Data protection laws apply to information that is stored physically as well as digitally.
Your personal data might be processed by a data controller or a data processor. A data controller decides how and why your personal data may be used, whereas a data processor processes personal information on behalf of the controller. Both parties must protect your information and make sure it isn’t exposed.
Our advisors would be happy to speak to you about your case and discuss the process of claiming compensation for distress after a GDPR data breach. Use the live chat feature to speak to an advisor or get in touch using one of the other methods outlined above.
Examples of GDPR Data Breaches
In this section of our guide, we will look at examples of GDPR data breaches and how your personal data could be exposed. Breaches may involve:
- Data being emailed to the wrong person. An email containing personal data could be sent to the wrong recipient as a result of human error. However, if the recipient wasn’t authorised to access the data, this could be considered a data breach.
- Data being posted to the wrong post address. Data controllers and processors need to update information such as home addresses to avoid sending letters to the wrong person; this is one of the key principles. Otherwise, someone without authorisation could open a letter containing your personal data.
- Lost or stolen personal data. For example, a councillor may leave files containing personal data in a bag in a restaurant. Members of the public could access this data.
2022 Data Breach Statistics
The ICO provides a quarterly report looking into the latest data security incident trends. The latest report found there had been a total of 28,369 data security incidents reported to the ICO from Q1 of 2019/20 to Q3 2021/22. The ICO also found that:
- Out of the total incidents reported, 21,286 were non-cyber
- On the other hand, 7,083 incidents were cyber
- Data emailed to the wrong person was the most common incident type, followed by data posted to the wrong person
Our advisors can offer free legal advice and go over more scenarios in which a data breach may happen and when claiming compensation for distress after a GDPR data breach. Use the live chat feature to connect with our team now.
UK GDPR Breach Compensation Claims – How Long Do I Have To Begin A Claim?
You could potentially claim UK GDPR breach compensation if you’ve suffered a psychological injury or financial loss as a result of a personal data breach. However, it’s important to start your claim for compensation for a GDPR breach of your personal data under UK law within the time limits that are outlined under the Limitation Act 1980.
Generally, you will need to start your claim within 6 years. However, to claim against a public body, this reduces to just 1 year in which you must start a claim.
For more information on data breach claims and claiming UK GDPR compensation for distress, get in touch at any time for free legal advice.
How Much Could I Get When Claiming Compensation For Distress Caused By A GDPR Data Breach?
Non-material damage refers to the psychological harm you experienced as the result of a breach of personal data. Previously, you were unable to claim for psychological damages unless you had suffered financial losses, too. However, the Court of Appeal ruled you can claim for non-material damages and material damages independently of one another, as well as together, following Vidal-Hall and others v Google Inc (2015).
Using the Judicial College Guidelines, which legal professionals use to value injuries, we can offer some insight into some guideline compensation brackets that can be referred to if you’re claiming compensation for distress after a GDPR data breach.
| Injury | Compensation Range | Notes |
|---|---|---|
| Severe Psychiatric Damage | £54,830 to £115,730 | Your health will be severely affected and the prognosis is poor. |
| Moderately Severe Psychiatric Damage | £19,070 to £54,830 | The effects are largely damaging but the prognosis is slightly better. |
| Moderate Psychiatric Damage | £5,860 to £19,070 | There will have been a marked improvement in the condition and the prognosis will be overall good. |
| Less Severe Psychiatric Damage | £1,540 to £5,860 | Daily activities such as sleeping may be affected. |
| Severe Post-Traumatic Stress Disorder | £59,860 to £100,670 | You will be unable to function at the same level as pre-trauma |
| Moderately Severe Post-Traumatic Stress Disorder | £23,150 to £59,860 | There will be a better prognosis than in more serious cases provided that professional help is sought. However, the injured person will be significantly disabled for the foreseeable future. |
| Moderate Post-Traumatic Stress Disorder | £8,180 to £23,150 | A full recovery is likely while any ongoing symptoms will not be too grossly disabling. |
| Less Severe Post-Traumatic Stress Disorder | £3,950 to £8,180 | Any ongoing symptoms are minor and a full recovery is expected within two years. |
What Is Material Damage?
Material damage relates to financial losses stemming from a data breach. For example, this could include money stolen from bank accounts or damage to credit scores. Therefore it would be useful for you to keep hold of bills, receipts and statements to prove material damage.
For a more accurate valuation of your case, speak to our team now. Our advisors can connect you with a solicitor from our panel if you have a valid claim.
Should I Work With A No Win No Fee Solicitor?
Hiring legal representation may seem daunting to you due to the costs involved. If so, you might be interested in hearing about a No Win No Fee agreement. Solicitors who work through this arrangement require no upfront fee. You won’t have to pay them anything as the claim progresses, either.
Your solicitor will take a legally capped percentage of your compensation if your claim succeeds. However, you don’t have to pay solicitor fees if your claim is unsuccessful.
Our panel of solicitors can offer their services on a No Win No Fee basis; however, they can only do this if you have a valid claim. Our advisors are on hand to offer you free legal advice and can clarify whether your claim has a good chance of success or not.
Ask Us About Claiming GDPR Compensation For Distress
After reading our guide on claiming compensation for distress after a GDPR data breach, you may wish to see if you could start your claim today. If you have a valid claim, our team may connect you to a solicitor from our panel. They will work to get you the maximum amount of compensation.
You can speak to an advisor by:
- Calling the number above
- Visiting our contact page
- Using the live chat feature on your screen
Further Information About Claiming GDPR Compensation For Distress
Before we conclude our article on claiming compensation for distress after a GDPR data breach, we thought the following resources may come in handy.
Make a complaint – The ICO’s complaint procedure.
Cyber essentials – The National Cyber Security Centre offers guidance on staying safe from cyber attacks.
Mental health – Get support for your mental health from the NHS.
We hope you understand a bit more about claiming compensation for distress after a GDPR data breach. For further queries, please don’t hesitate to get in touch.
Below, you can find links to some of our other claims guides:
- A General Guide To Data Breach Compensation
- How To Claim Medical Data Breach Compensation
- Medical Conditions Data Breach Claims
- Mortgage Broker Data Breach Claims
- Sexuality Data Breach Claims
- Payouts For Disciplinary Records Data Breach Claims
- Tax Information Data Breach Claims
- How To Find Data Breach Solicitors
- Accountant Data Breach Claim
- How To Claim For A Data Breach
- Data Breach Claim Examples
- UK GDPR Data Breach Claims Explained
- Trade Union Membership Data Breach Claims
- UK GDPR Compensation Calculator For 2022
- Can I Make A Police Data Breach Claim?
- Completing A Data Breach Report For A Compensation Claim
- Debt And Arrears Data Breach Claims
- Credit Score Data Breach Claims
- Wage Data Breach Claims
- How To Claim For A Disciplinary Information Data Breach
Writer Lewis Jacques
Publisher Fern Stanhope