What Happens If The UK GDPR Is Breached – A Guide To Claiming Compensation

This article offers information about what happens if the UK GDPR is breached. The UK General Data Protection Regulation (UK GDPR) is one of the pieces of legislation that outlines the responsibilities certain parties have with regard to protecting your personal data. It sits alongside another piece of legislation called the Data Protection Act 2018 (DPA). If either pieces of data protection laws are breached, and this compromises your personal data resulting in you experiencing losses of a financial nature, a mental injury, or both, it may be possible to begin a data breach claim.

what happens if the UK GDPR is breached

What Happens If The UK GDPR Is Breached?

In the following sections, we will explain who is eligible to launch a claim for compensation after data breach as well as the steps that could be taken to support a case.

We go on to explain what a personal breach is and provide examples of how one could occur if data protection laws aren’t adhered to. Our guide also offers an overview of settlements that could be awarded in data breach claims to address the impact the breach has had and how they are calculated.

Our guide concludes by looking at how a data breach solicitor off our panel could take up eligible claims under the terms of a particular kind of No Win No Fee contract and the benefits of working with them in this way.

To learn more, you can:

  • Call our advisors on 020 8050 3051
  • Contact our team and get a call-back.
  • Use our live discussion feature for immediate guidance.

Choose A Section Guide

  1. What Is The Eligibility Criteria To Make A Data Breach Claim?
  2. What Happens If The UK GDPR Is Breached?
  3. Examples Of Potential Compensation For Data Breach Claims
  4. What Evidence Could Help Make A Claim For Data Breach Compensation?
  5. Claim Data Breach Compensation On A No Win No Fee Basis
  6. Learn More About What Happens If The UK GDPR Is Breached

What Is The Eligibility Criteria To Make A Data Breach Claim?

To be eligible to claim for data breach compensation, you need to meet three criteria:

  • The data controller (sets the means and purpose for processing), or data processor (acts on the controller’s instructions), didn’t uphold their responsibilities as laid out in the UK GDPR and DPA 2018.
  • As a result of their wrongful conduct, your personal data was affected in a breach.
  • You then experienced monetary losses and/or a psychological injury.

Personal data is defined as any detail about you that used alone or alongside other details might reveal or infer your identity. Examples can include your name, postal address, email address, date of birth and bank details, such as your credit or debit card information. It can also include information that is more sensitive and requires extra protection, such as data concerning your health. This is known as special category data.

Personal data breaches are classed as any instance where the availability, confidentiality, or integrity of your personal data is compromised in a security incident.

If you have evidence that your personal data was compromised following a breach of the UK GDPR or DPA 2018, contact an advisor. They can offer further guidance on when you could be eligible to seek data breach compensation.

What Happens If The UK GDPR Is Breached?

If the UK GDPR is breached, and this causes your personal data to be affected or compromised, it could impact you psychologically or financially. Below, we have provided examples of how a personal data breach could occur and the impact it could potentially have.

  • An online retailer may lack the sufficient cyber-security systems. As a result, your banking details are stolen in a ransomware attack. This leads to fraudulent purchases being made on your credit card.
  • If a data breach at a bank occurs because they sent a replacement debit card to the wrong address, despite holding your correct details, it could mean money is stolen from your account.
  • The hospital may send a letter containing details of a medical condition to the wrong address, despite the correct one being on file. This leads to you experiencing stress and anxiety.
  • An email data breach occurs when confirmation of an appointment you have for counselling is sent to the wrong person, resulting in you suffering distress.

You could report a UK GDPR or DPA 2018 breach to the Information Commissioners Office (ICO). The ICO is the independent body responsible for upholding the rights and freedoms of data subjects. They can investigate breaches of data protection laws and take enforcement action against those responsible.

Call our team to find out what steps you could take if you were affected by a personal data breach.

Examples Of Potential Compensation For Data Breach Claims

A successful data breach claim outcome can mean compensation can be awarded for two types of damage.

Firstly, non-material damage is the term used to describe the psychological harm you suffered as a result of the personal data breach.

This could incorporate issues like depression, stress, anxiety and general distress because of a data breach. Or it could include more serious conditions such as post-traumatic stress disorder (PTSD).

In order to accurately calculate the value of any mental harm, legal professionals can look at any medical evidence provided in support of your claim. They can also refer to the guideline compensation brackets listed in the Judicial College Guidelines (JCG).

An excerpt of the JCG can be found in the table below. Please note, these amounts are only guide figures and settlements vary depending on each case.

JCG Award Brackets

Type of HarmLevel Of SeverityDescriptionAward Bracket Guidelines
General Psychological Damage(a) Severe A very poor prognosis due to marked problems affecting different areas of the person's life.£54,830 to £115,730
(b) Moderately Severe Significant issues affecting various areas of the person's life but with an improved prognosis.£19,070 to £54,830
(c) Moderate A significant improvement is made and the person has a good prognosis.£5,860 to £19,070
(d) Less Severe How long and to what extent the person was affected will be considered when valuing the award.£1,540 to £5,860
Post-Traumatic Stress Disorder (PTSD)(a) Severe A permanent disability that prevents the person from functioning at the same level as they did prior to the trauma.£59,860 to £100,670
(b) Moderately Severe A better outcome indicated in this bracket because of professional counselling leading to some recovery.£23,150 to £59,860
(c) Moderate A significant recovery and any ongoing issues won't be majorly disabling.£8,180 to £23,150
(d) Less Severe Virtually a complete recovery within 1 - 2 years and only minimal symptoms persisting beyond this.£3,950 to £8,180

How To Claim For Financial Losses

Material damage is the monetary loss or expense you experienced due to the breach of your personal data. This can include any funds stolen from your bank account or any loans and credit agreements that were fraudulently taken out in your name. It can also include illegal purchases made on your credit card.

With valid statements and credit reports to prove these amounts, compensation for these losses could form part of your overall settlement.

If you would like more information on data breach compensation payouts, please speak to an advisor on the number above.

What Evidence Could Help Make A Claim For Data Breach Compensation?

If the UK GDPR is breached, and this caused your personal data to be affected, leading to monetary loss or mental damage, or both, you could gather evidence to build a case. For example, you could collect:

  • Correspondence between you and the organisation. This could be in the form of letters and emails.
  • If you have suffered a psychological injury because of the data breach, a copy of your medical records could be used as evidence.
  • Financial documentation, such as bank statements, showing the financial impact of the data breach.

If you wish to instruct a solicitor to help you seek data breach compensation, our advisors could help. They can offer an assessment of your case and if they find it’s valid, they could put you in touch with a solicitor from our panel. As part of the services they offer, they could help you gather evidence and build your case. To learn more, please get in touch on the number above.

Claim Data Breach Compensation On A No Win No Fee Basis

As mentioned above, our panel of solicitors could help you with gathering evidence and building your case, provided it’s valid. Other ways they could assist include:

  • Valuing your claim.
  • Providing regular updates on the status of your claim.
  • Explaining any complex legal jargon.

Additionally, they can provide these services under a type of No Win No Fee contract. They often use a version called a Conditional Fee Agreement (CFA). This means no upfront fees for their services are necessary. Nor are any fees required for their work as the claim moves ahead. In addition to this, there are no fees for completed work if the claim fails.

Successful cases will see a small deduction from the compensation. Taken as a legally capped percentage, this is called a success fee. You can discuss this percentage with your solicitor prior to work starting on your case.

Our team can start your claim evaluation and clarify your eligibility to seek data breach compensation. They can also offer free advice on what happens if the UK GDPR is breached. For more information, simply:

  • Call on 020 8050 3051
  • Use the online contact option and request a call-back.
  • Use the live chat option for instant help.

Learn More About What Happens If The UK GDPR Is Breached

Below are some more helpful articles on data breach compensation:

In conclusion, these external resources may also help:

Thank you for reading our guide on what happens if the UK GDPR is breached. If you have any other questions, call an advisor on the number above.

Writer Jeff Walker

Editor Meg Monsoon