Data Subject Rights Following A Breach Of Data Protection – Data Breach Compensation UK Law
How much do you know about your data breach rights? Did you know that in some circumstances, if your personal data and information have been breached, you could be entitled to compensation? When you share your data with a third party, like a business, they have a duty to protect your data. If the data breach was their fault, you could be entitled to make a data breach compensation claim. If someone close to you who is unable to claim for themselves has been affected by a data breach, you could make a compensation claim on their behalf.
A data breach can be a difficult experience. The stress alone could cause harm to your mental health and well-being and cause you unnecessary suffering. You could also be put at risk of identity fraud and theft. Both the losses you suffer financially and the harm caused by stress and anxiety can be claimed back in compensation.
If you have any queries about your rights following a data breach, call our advisers. Use the contact details below to find out more and to inquire about working with a solicitor from our panel.
Get In Touch With Our Team
Services And Information
- Everything You Need To Know About Data Breach Rights
- What Is A Data Breach?
- What Personal Information Is Protected By The Data Protection Act?
- Steps Data Controllers Should Take To Ensure Your Privacy
- Steps Data Subjects Could Take Following A Data Breach
- Data Protection Breach Compensation Calculator
- Data Breach Rights To Make A Complaint
- Your Right To Take The Case To Arbitration
- Your Right To Claim Through The Courts
- Data Breach Claim Time Limits
- Data Breach No Win No Fee Claims
- Related Guides
- FAQs On Data Breach Rights
You have personal data subject rights that are supposed to protect your privacy and data security. It is important that you understand these rights because if they are violated you could be entitled to claim compensation. For example, you could sue your employer if they have not enforced your data subject rights. This page is going to introduce you to these rights.
This page is an introductory guide to making data protection breach claims. That means covering what they are, how and when they occur, and what situations could entitle you to claim data breach compensation. We are going to look at what a third party’s duties and responsibilities are for protecting your data. We’re also going to explain what goes on when you make a claim.
On this page, there is information about how to report a data breach and how you can start a claim. It will explain what some of the different potential processes are, and what they entail. There are also important things you need to know about claiming before you start, including the time limits in which you need to start a claim. It also covers how No Win No Fee agreements can help pay solicitors’ legal fees.
Get in touch with us if you want to start making a claim. Don’t worry if you’re still feeling undecided or if there are still things you don’t feel you know enough about. Get in touch through the contact details we’ve provided, and one of our team members will talk you through everything you need to know.
You will often find yourself passing on your personal data and information to other parties. This can include things like your home address, your phone number, and your bank account information, as well as other details about your personal identity. It is crucially important that information like this is kept secure and confidential.
You have a right to have this data kept secure, and anyone holding this information has a duty to protect this right. A situation where the integrity or security of this data is compromised can be known as a data breach. A data breach could occur in a number of different ways.
- Unlawfully sharing data with other parties
- Failing to secure data correctly
- Misusing data
- Losing data
These are just a few examples.
Depending on the circumstances and what kind of business or website you are dealing with, a variety of information could be passed on and stored. For example, when you consent to allow a website to track cookies you could be allowing them to store your:
- Email address
- Login details for that website
- Web browsing information
Depending on what other information you consent to share with a company, you could also end up providing them with information like:
- Banking information
- Home address
- Phone number
- Employment history
- Personal identity and protected status identities, such as religion, age, sexual orientation, gender identity, disabilities, or nationality.
The Data Protection Act 2018 requires businesses that hold on to data like this to protect it and to ensure the privacy and security of their customers’ data.
A data controller is the one responsible for ensuring that there is compliance with the GDPR data subject rights in handling personal data. That means that they need to oversee that:
- Only data that is needed is collected
- Your data is only used for its stated purpose
- The data is collected with the data subject’s knowledge and consent
- Stored data is accurate
- Data is destroyed when it is no longer needed
- Data is held securely and not accessible by other parties
- The body the data controller represents, or the controller themselves, can demonstrate compliance with these rules.
These responsibilities are enforced under the General Data Protection Regulation (GDPR).
If data subjects’ data has been compromised, then the organisation should tell the Information Commissioner’s Office (ICO) within 72 hours of detecting the breach. However, not all breached data will need to be reported to the ICO. Data subjects have a right to know about a data breach if they are at risk. The information they are told should contain how the breach occurred, what data has been breached, and what the likely possible outcomes are.
If you become aware of a data breach, you should first change your passwords, particularly for any websites that you have entered your banking and credit card information into. Make sure that the passwords are strong and not easy for a hacker to guess. Check your bank accounts, and make sure that no transfers or transactions have taken place. Notify your bank of the data breach. Be alert and cautious about possible scam emails or phone calls or phishing attempts.
You can make complaints to take action against a company that has allowed a data breach. Ask them to tell you exactly what data has been breached, and what the possible consequences are. You should also ask them how the breach occurred and what steps they have taken to deal with it.
You could make a complaint against them. If you believe that there has been wrongdoing or negligence, you could make a complaint to the Information Commissioner’s Office (ICO), the regulator of data protection in the UK. This body could carry out an investigation and hand down sanctions.
If neither of these two options works out for you, you could start looking into action to win compensation from the company for their negligence. You can start this process by calling up our team for more information.
If you are awarded compensation, it will be designed to reflect the ways in which the data breach has harmed you. This will mean compensating you for the harm to your mental health and for the harm to your financial situation.
Being the victim of a data breach can be a severely stressful situation. It means that your personal information, including your home address, personal contact details and banking information, as well as information like disabilities or criminal records you might have, could potentially be accessed by those who could harm you. It is very much the equivalent of having your home burgled.
The stress of worrying about the potential consequences of a data breach could leave you suffering from symptoms like anxiety, stress, panic attacks, and sleeplessness. You could end up suffering from the symptoms of PTSD. Even if there are no other consequences stemming from the data breach, the mental effects could entitle you to compensation. The worth of the compensation you could be entitled to will be calculated according to personal injury compensation guidelines. You can see the amounts of compensation you could be awarded in the table below.
The table contains bracket figures for compensation. They are taken from the Judicial College Guidelines (JCG). These guidelines are often used by legal professionals to come to values for suffering caused by illness or injury. An assessment by a psychotherapist may be needed in order to get a diagnosis upon which to base the calculations.
If a data breach causes you financial losses as a result of your banking information being accessed and used to steal money or make purchases, or because you have had to take time off work for stress-related reasons, you could receive compensation of equivalent value. You will need to provide proof that these losses were linked to the data breach.
| Injury | Description | Compensation bracket |
|---|---|---|
| Severe PTSD | Trauma which prevents the victim from functioning normally in life, work and relationships | £56,180 to £94,470 |
| Moderately severe PTSD | Same as above, but with a better prognosis with therapy. However, there will be significant disability for the foreseeable future. | £21,730 to £56,180 |
| Moderate PTSD | A recovery from trauma without disabling lasting symptoms | £7,680 to £21,730 |
| Less severe PTSD | Cases where the victim makes a full recovery from trauma within two years | £3,710 to £7,680 |
| Severe psychiatric damage | Severe negative effects on relationships and ability to cope with life, education and work | £51,460 to £108,620 |
| Moderately severe psychiatric damage | The same problems as above, but with a more optimistic prognosis. | £17,900 to £51,460 |
| Moderate psychiatric damage | Prognosis is good but there will have been significant injury. | £5,500 to £17,900 |
| Less severe psychiatric damage | Cases in which the victim has made a full recovery apart from minor symptoms | £1,440 to £5,500 |
A data breach is a breach of your personal information. The policies that a data controller should have in place should prevent breaches from happening if they have been implemented properly. If you are a victim of a data breach, you can write to the organisation that has breached your data and ask for an explanation. If this does not bring a meaningful response, you can make a complaint to the ICO. Do not leave complaining to the ICO much longer than 3 months after receiving any meaningful response from the organisation that has breached your data. You may have the right to seek compensation for any mental suffering or financial losses you have suffered because your personal information has been breached by a company failing to protect it.
The first person or body you could make a report to is the data controller responsible for your data. They should provide you with an explanation of what has happened if they haven’t already contacted you. Ideally, they should also be able to provide an explanation about what they are going to do about the situation and rectify matters. You could then make a complaint to the ICO if you are not satisfied with the response that you receive from the data controller.
The ICO is the Information Commissioner’s Office. They are the regulatory body for data protection in the UK. They are responsible for investigating complaints and reports of data mishandling and data breaches. You could make a report about your data breach to the ICO. They have the authority to investigate the issue. If they find that the data controller of your data has negligently mishandled your data and breached your data subject rights, they could impose a fine.
If the controller of your data has been negligent and has caused a breach of your data subject rights, you could work with a solicitor to present the case to them that you should be entitled to compensation for the effects of their negligence. By presenting this case, with evidence of the harm it has caused and possibly with the ruling of the ICO supporting your claim, the company could be compelled to offer you a settlement. A settlement is compensation that a third party could offer to the persons affected by their negligence in return for the case being dropped and not facing liability in court.
If you are unable to make the responsible party pay compensation through arbitration, you could have the right to take the matter to court. This could end up having to be the course you take if the party you are claiming against challenges your claim and denies responsibility.
If the claim cannot be settled between you and the data controller (or the organisation they represent) then the matter may go to court. In court, your solicitor will represent you. They will present the case and its supporting evidence to the court, and the opposing party will present theirs. The court will decide whether or not the case makes the third party liable, and how much compensation you should be awarded.
The time limit in which you need to start a data breach claim is six years. Once this time limit has expired, you will lose the right to make a data breach claim, regardless of the validity of the claim otherwise. One exception to this rule is if you intend to make the claim on the grounds that it constituted a violation of your human rights. In a case like this, the time limit to start a claim is one year.
Signing a No Win No Fee agreement with your solicitor means that their fee is conditional on your case winning. A No Win No Fee solicitor doesn’t require you to pay legal fees upfront, and there is no obligation to pay any fees while the claim is ongoing. That’s because the only payment that you have to make to a solicitor who offers No Win No Fee terms is a “success fee”.
It is a good indication that your solicitor is confident that the claim will be a success. Our panel of solicitors all offer No Win No Fee terms. For more information about the terms and conditions, call our team.
What is the first thing you must do when a data breach is discovered?
If you discover you have been a victim of a data breach, check your bank accounts and notify your bank of the breach. Possibly change your passwords for websites and accounts you use. Then consider making a complaint to the data controller of the organisation that has breached your data, or making a complaint to the Information Commissioner’s Office (ICO).
When logging a data breach, what information should you record?
The following information should be logged when a data breach is being reported.
- A description of the data that has been breached
- A description of who is affected
- The contact details of the data protection officer
- An assessment of the likely effects of the breach
- A report on measures taken to rectify or mitigate the breach.
What can I do if my data has been breached?
You have the right to make a complaint to the data controller responsible for your data if your data subject rights have been violated. You also have the right to make a report to the Information Commissioner’s Office, and you have the right to seek legal consultation about making a compensation claim.
You can minimise the risk of fraud by changing your passwords, contacting your bank, and being on the lookout for any suspicious activities or messages you receive.
Checked by EI.