By Stephen Yutani. Last Updated 9th January 2023. If you’ve been affected financially and/or psychologically by a data breach, then you may ask if you could receive UK GDPR compensation for distress? This article aims to explain the issue. You may have heard recently about big international companies or even your local council being involved in data breaches.
This can involve employees’ or customers’ personal information being compromised. This could understandably be a source of frustration. But what can you do if this happens to you?
Our advisors are here to help you with free, no-obligation legal advice. To find out more, keep reading this article, or get in touch by:
- Calling us on the number above
- Using the live chat feature on this page
- Contacting us through the website
Choose A Section
- How Do You Define A Data Breach?
- What Types Of Data Can Be Exposed And How?
- How To Prove Distress From A Data Breach In A Compensation Claim
- How Long Do I Have To Claim Compensation After A UK GDPR Breach?
- GDPR Compensation For Distress – How Much Could I Get?
- Working With No Win No Fee Data Breach Solicitors
- Learn More About Claiming GDPR Compensation For Distress
How Do You Define A Data Breach?
The Information Commissioner’s Office (ICO) is an independent body that enforces data protection legislation. In its guide to personal data breaches, it says that a data breach is when information is changed, disclosed, destroyed, lost, or accessed unlawfully.
Under the UK General Data Protection Regulation (UK GDPR) as well as the Data Protection Act 2018, organisations that collect, hold or process your personal information have certain obligations. Any company that handles personal data, no matter how big or small, has a responsibility to look after your personal information and keep it secure.
However, the breach alone is not enough to make a claim. In order to gain GDPR compensation, distress, or other mental injuries, and/or financial loss must have been caused by the data breach.
Positive wrongful conduct is also important to prove in data breach claims. This phrase means that the organisation you entrusted your personal data to either did something or failed to do something to keep your personal data safe. This can include not paying for anti-virus or encryption software, or not training staff on data protection to an appropriate level.
If these two elements cannot be established, it is likely your claim will be rejected. To get more advice on your data breach claim, get in touch with our advisors today.
What Types Of Data Can Be Exposed And How?
In data breach claims, two types of data are normally dealt with — physical and digital. Physical data can refer to anything printed or tangible, such as a contract printed on paper, or personal data stored in filing cabinets.
Digital personal data refers to anything that is stored digitally, such as on hard drives, optical discs, or cloud servers. Personal data can be stored on council databases, digital mailing lists, or biometric data held by schools.
Whether physical or digital, data breaches commonly happen through human error. This can happen as a result of:
- A failure to use blind carbon copy (BCC) on emails, giving others unlawful access to someone else’s email address
- Sending information to the wrong home address, when a correct address was already on file
- Paperwork being lost or stolen
- The wrongful destruction of data
Data breaches, such as the examples listed above, can potentially impact many types of records, such as information on your pension or mortgage or even medical records.
If one of these incidents happened to you and it caused injury or loss, you may be entitled to GDPR compensation for distress. Speak to an advisor today for more information.
How To Prove Distress From A Data Breach In A Compensation Claim
As indicated earlier, you are not automatically entitled to compensation if you have in some way been affected by a data breach that has occurred. To gain UK GDPR compensation for distress, your claim will need to establish with evidence that you have suffered this type of harm and it can be directly linked to the data breach that your claim focuses on. You may be asking how exactly you prove distress for a claim. Next, we’ll describe the process involved.
To start, you will need to be made aware of the breach. You will either be told by the organisation that was supposed to protect your personal data, or you will find out yourself. If you are alerted to the situation yourself, you should make a complaint to the organisation and find out what data was exposed.
If there has not been a fair response from the organisation, you could escalate your concerns to the ICO. You’d need to do this within three months of the organisation’s final response on the matter. From here, the ICO may investigate.
You may also wish to contact a solicitor. This is not necessary, and you can claim by yourself, but a solicitor could make the process easier. They should be able to accurately calculate the amount of compensation you could receive.
Evidence will also help you in your claim. This includes letters confirming a data breach, but also letters from your doctor confirming symptoms of mental harm or other signs of distress. GDPR compensation could be more difficult to gain without this.
To find out what a claims solicitor could do for you, speak to one of our advisors today for more information with zero obligation.
How Long Do I Have To Claim Compensation After A UK GDPR Breach?
To make a claim for compensation after a UK GDPR breach, your case must meet the specific criteria we have already discussed in the guide; these can also be found in Article 82 of the UK GDPR.
A claim for a personal data breach must be initiated within the correct time limits. You have 6 years in which to start a personal data breach claim. This is reduced to one year if making a claim against a public body.
For more information on data breach claims, get in touch at any time.
GDPR Compensation For Distress – How Much Could I Get?
When it comes to compensation, there are two heads of payout you could receive: material damage and non-material damage.
Material damage refer to the financial losses that could have been incurred as a result of the breach, such as stolen funds.
Non-material damage compensate you for psychological harm caused by the data breach. This refers to injuries diagnosed by a doctor.
Below, we have provided a set of figures from the Judicial College Guidelines indicating how much compensation you could receive. The JCG is a publication that solicitors use when valuing injuries.
The below compensation table may be useful, but we must stress that these are guidelines and will not reflect the complex details of your own data breach claim. For a more accurate amount, speak to a solicitor. Alternatively, why not call our advisors for a free estimate of what you could claim?
| Injury | Nature of incident | Possible compensation |
|---|---|---|
| Psychiatric Damage Generally (a) Severe | The severity here will depend on how the injured person is able to cope with life, the effect on personal relationships, vulnerability in the future, and also whether help from a doctor has been sought out. Claims involve psychological damage where the prognosis is very poor. | £54,830 to £115,730 |
| Psychiatric Damage Generally (b) Moderately Severe | Similar to the above, but prognosis will be more positive. | £19,070 to £54,830 |
| Psychiatric Damage Generally (c) Moderate | Where the above issues will be present, but there is evidence of improvement and prognosis is also positive. | £5,860 to £19,070 |
| Psychiatric Damage Generally (d) Less Severe | In this bracket, the ability to fall asleep as well as the length that the psychiatric damage affected you is considered. | £1,540 to £5,860 |
| Post-Traumatic Stress Disorder (a) Severe | This condition arises as a response to trauma, resulting in a disturbance to sleep, disorders with mood, as well as flashbacks and nightmares. In this bracket, all aspects of life are badly affected. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder (b) Moderately Severe | This bracket will be similar to the one above. However there is an improved prognosis. However, effects are likely to remain in the foreseeable future. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder (c) Moderate | Where the effects of this condition are not disabling and the injured party will have mostly recovered. | £8,180 to £23,150 |
| Post-Traumatic Stress Disorder (d) Less Severe | Full recovery between 12 to 24 months, leaving only minor or modest symptoms. | £3,950 to £8,180 |
Data Breach Distress – Compensation Examples For Material Damage
If your personal data has been breached under the UK GDPR, compensation for distress is known as non-material damage. However, you can also claim data breach compensation for financial losses. This is known as material damage.
Data breach distress compensation could include recovery of therapy costs or prescription costs if you were prescribed medication to treat your emotional distress. It could also include recovery of money stolen if the data breach included your financial details, such as banking information, or if someone was able to commit identity fraud as a direct result of your personal data’s inclusion in a breach.
You might be expected to submit your bank statements if money was stolen from your bank account. Additionally, you might have to present invoices or receipts for other costs you would like to recover.
Call our advisors to learn more about what you could claim under material damage as part of your data breach distress compensation claim.
Working With No Win No Fee Data Breach Solicitors
If you have grounds to claim UK GDPR compensation for distress but are not sure how to start a claim, you could consider hiring a No Win No Fee solicitor for support.
If you contact our team here at Data Breach Claims for support, then we may be able to connect you with a solicitor from our panel if it’s determined that you have a strong case. If you choose to be represented by a solicitor from our panel, you can do so under a No Win No fee agreement. Under this type of agreement, you will usually not pay any of your solicitor’s legal fees if your case goes forward without success. You will also pay nothing in terms of legal fees to your solicitor at the start of your claim, or while it is ongoing.
If your claim wins, you will pay a small percentage of your settlement to your solicitor for their success. Therefore, this agreement may make it easier to start and sustain a claim using the services of a solicitor.
For a solicitor to take on your claim, they need to assess it on the basis of success. They need to determine if a data breach actually occurred, who was at fault and if you suffered distress or financial loss. If they can determine you have a valid claim, it is likely a solicitor will take on your claim.
Don’t delay. You could have six years to claim against an organisation that isn’t a public body, but only a year against a public body such as the police or local government. If you are unsure of how much time you have left to claim, speak to an advisor today for more guidance.
Get In Touch
If a data breach has impacted you and you believe you could be entitled to GDPR compensation for distress, get in touch now. Our advisors can offer free legal advice with absolutely no obligation for you to proceed with the services of our solicitors. What’s more, they’re available 24 hours a day. So to find out what we can do for you, talk to us by:
- Calling us on the number above
- Using the live chat feature on this page
- Contacting us through the website
Learn More About Claiming GDPR Compensation For Distress
Mental health — A guide on the NHS website giving more information on mental health issues.
Post-Traumatic Stress Disorder (PTSD) — A guide provided by the NHS on the symptoms of PTSD.
Make a complaint — An ICO resource where you can complain in the event of a data breach.
Check out more of our guides below:
We hope this guide about claiming UK GDPR compensation for distress has been helpful for you. If you still have any questions about claiming data breach distress compensation, then please contact our team using the contact information mentioned above.
