How To Sue A Company For A Breach Of Data Protection

This guide will examine how to sue a company for a breach of data protection. Not all instances in which data protection law is breached will mean you are able to make a claim. We will explore the eligibility criteria surrounding data breach claims throughout this guide. We will also discuss the legislation in place to protect your personal data and how a breach could occur if this is not adhered to. 

The steps you can take after a data breach has occurred will also be explored. For example, gathering evidence or seeking legal representation in the form of a No Win No Fee solicitor.

Additionally, we will look at how much compensation you could be entitled to if your claim is a success. 

For more information, you can speak with an advisor from our team who is happy to provide you with free legal advice 24 hours a day, 7 days a week. 

To get in touch: 

• Call us on 020 8050 3051
• Contact us online
• Use the live support option below

Browse Our Guide

1. When Are You Able To Sue A Company For A Breach Of Data Protection?
2. How To Sue A Company For A Breach Of Data Protection
3. What Are Examples Of A Company Data Breach?
4. What Compensation Could You Receive From A Breach Of Data Protection Claim?
5. Why Use Our Panel Of No Win No Fee Data Breach Solicitors?
6. Learn More About Claiming For Breach Of Data Protection Compensation

When Are You Able To Sue A Company For A Breach Of Data Protection?

In this guide, we’ll explain how to sue a company for a breach of data protection. There are 3 different parties you’ll need to know about when considering making a personal data breach claim. These are:

• Data subjects: these are the living individuals who can be identified from the personal data. When we refer to data subjects in this guide, we are referring to you.
• Data controllers: organisations that decide when, how and why your data will be processed, or stored.
• Data processors: some data controllers may make use of external processing services. These are referred to as data processors, although not every organisation will do this.

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, both data controllers and processors are required to maintain certain standards of data protection.

Eligibility Criteria To Sue A Company For A Data Breach

In order to make a data breach claim against a company, you will need to show the following:

1. The data controller or processor engaged in some form of wrongful conduct contrary to their obligations under data protection law.
2. This conduct resulted in a personal data breach that impacted your personal information.
3. You experienced psychiatric harm, financial losses or both as a result of this.

Personal data refers to any information that can be used for the purposes of identifying a living individual, both directly and indirectly. Examples can include contact information such as phone numbers, your name and your postal address as well as your bank and credit card details.

There is also a special category of personal data under the UK GDPR. This is information that is deemed to be of higher sensitivity and therefore in need of greater protection. Personal data regarding your racial or ethnic origin, trade union membership, political beliefs, or sexual orientation comes under the special category.

To get a free assessment of your eligibility to claim, or to find out more about what happens if a company breaches GDPR in the UK, contact our team today.

How To Sue A Company For A Breach Of Data Protection

After experiencing a breach of data protection, there are several steps you could take. Firstly, you can contact the organisation to find out about the nature of the breach and what data has been compromised. This can be done by sending an email or letter. 

If you do not receive a satisfactory response from the organisation or they do not respond at all, you could make a complaint to the Information Commissioner’s Office (ICO). The ICO are the UK’s independent watchdog responsible for safeguarding data protection laws. 

Whilst the ICO could choose to investigate your complaint, they cannot award compensation. As such, you might find it beneficial to seek legal advice from a solicitor to help you through the process of seeking data breach compensation, including gathering evidence to support your claim. 

Evidence you could gather includes:

• Correspondence between yourself and the data controller or processor regarding the breach. This could include how it happened, what data was compromised and how you were impacted.
• Evidence of any psychological harm in the form of a report from a medical professional.
• Records of any financial losses in the form of receipts, invoices, bank statements or credit score ratings. 

An advisor from our team can provide you with more information on the company data breach claims process if you get in touch. 

What Is The Time Limit To Make A Company Data Breach?

Data breach claims against a public body must typically be started within one year. However, if you are not claiming against a public body, you generally have 6 years to start your claim.

If you have any questions regarding time limit for data breach claims, please speak with an advisor from our team. 

What Are Examples Of A Company Data Breach?

A company data breach could occur in many different ways. For example:

• Due to your bank not having the proper cyber security systems in place, they are hacked. Consequently, personal data relating to your finances is stolen in a ransomware attack. This causes you anxiety and stress as well as leading to you having money stolen from your account.
• Your employer sends your payslip to the wrong email address despite having your one on record. As a result, your National Insurance number and other personal information is compromised, resulting in identity theft.

• Your doctor verbally discloses information about a medical condition you have, that has been recorded in your file, to another patient. As a result, you suffer from distress and anxiety. 

If you have evidence that a personal data breach has occurred and you have suffered harm as a result, please get in touch with a member of our team. 

What Compensation Could You Receive From A Breach Of Data Protection Claim?

The payout you receive for a successful claim could be split into two heads of claim. Firstly, you might be awarded compensation for non-material damage which refers to any mental injuries caused by the data breach. For instance, you might endure distress, anxiety or depression after having your personal data compromised.

In the table below, we have included guideline award brackets from the Judicial College Guidelines (JCG). The JCG publication contains compensation guidelines for various types of harm. We have used the psychological injury brackets in the table here.

Compensation Table

Please be advised the amounts given here are for guidance only, and that the first entry is not a JCG figure.

Harm	Severity	Guideline Compensation Bracket	Details
(a) Psychological damage (generally)	Severe	£66,920 to £141,240	There will be marked problems dealing with general life, education or work. The prognosis will also be very poor.
(b) Psychological damage (generally)	Moderately Severe	£23,270 to £66,920	There will still be problems coping with life, education and work but there will be a more optimistic prognosis.
(c) Psychological damage (generally)	Moderate	£7,150 to £23,270	Difficulty coping with life, education and work still persists, but there will be considerable improvements as well as a good prognosis.
(d) Psychological damage (generally)	Less Severe	£1,880 to £7,150	Compensation for this bracket will be based on the length of the period of disability and its impact on every day life tasks.
(a) Anxiety disorder	Severe	£73,050 to £122,850	Every aspect of the injured person's life will be majorly affected in a permanent way.
(b) Anxiety disorder	Moderately Severe	£28,250 to £73,050	The injured person will be significantly disabled for the foreseeable future. However, after seeking professional help there will be some recovery and a better prognosis.
(c) Anxiety disorder	Moderate	£9,980 to £28,250	A near full recovery will have been made and any persisting symptoms will not be grossly disabling.
(d) Anxiety disorder	Less Severe	£4,820 to £9,980	A near full recovery has been made within 1-2 years with only minor symptoms lasting over a longer timeframe.

Material Damage In A Data Breach Claim

Your payout could also include compensation for material damage which refers to the financial losses incurred as a result of the breach. This could include several loans taken out in your name or damage to your credit score. 

An advisor from our team can offer you an accurate estimate of how much data breach compensation you could be awarded if you get in touch. 

Why Use Our Panel Of No Win No Fee Data Breach Solicitors?

If you are still wondering how to sue a company for a breach of data protection, a data breach solicitor from our panel can assist you. They can also help:

• Present and build your case
• Value your claim 
• Collect evidence
• Guide you through the different stages of the claims process

The solicitors from our panel could ask you to enter a Conditional Fee Agreement (CFA) which comes under the No Win No Fee umbrella. If you accept this offer, you won’t have to pay for their services upfront or while your claim is ongoing. 

Furthermore, if your claim is unsuccessful, you typically won’t have to pay for the services they provide. However, you will have to pay a success fee to your solicitor if your claim is a success. This is deducted from your payout and law-capped, ensuring you receive the majority of your settlement. 

An advisor from our team can tell you if you have a valid claim if you get in touch. Moreover, they may connect you with a solicitor from our panel if you do. 

To get in touch: 

• Call on 0208 050 3051
• Contact us online
• Use the live support option below

Learn More About Claiming For Breach Of Data Protection Compensation

We have provided you with some more of our guides relative to data breach claims:

• Am I able to claim for a trade union membership data breach? 
• Can I claim for a university data breach? 
• How do GP data breach claims work? 

Moreover, we have included further resources that we hope you find useful: 

• NHS – Mental Health
• NCSC – Data Breach Guidance
• GOV – Make A Complaint

Thank you for reading this guide on how to sue a company for a breach of data protection. If you have any other questions, please get in touch using the details provided above.

Writer Beck Perk

Editor Meg Monsoon