How To Claim For A Breach Of The UK GDPR?

Breach of the UK GDPR

Breach of UK GDPR Personal Data Breach Claims Guide

Can I claim compensation for a breach of the UK GDPR? If your personal data has been compromised because an organisation breached the UK GDPR you could potentially be able to claim compensation This guide also provides information about personal data breaches in general. How they happen, and when they might be the basis of a claim.

No two claims are identical – you may not see your exact circumstances in this guide. However, if you get in touch with us today, our team of expert claims advisors can provide any further guidance for free. You can call them on 020 3870 4868. Alternatively, request we call you back by using our contact form, or message our live chat at the bottom of this page.

Select A Section:

What Is A Breach Of The UK GDPR?

The UK has a number of bodies of legislation that relate to data security and privacy. These are the General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

In the UK, your personal data is protected by law. Every organisation that stores and processes this data has a legal obligation to keep it safe. If this responsibility is not met, it could lead to a breach of the UK GDPR.

If your personal data is breached, because the data controller, usually an organisation that collects personal data, has failed in their legal responsibility to adhere to data protection laws and this has caused you financial losses or mental illness you could be eligible to make a claim.

The governing body that oversees adherence to these laws is the Information Commissioner’s Office (ICO). This is also the organisation to that you would report a data breach. The ICO has the power to take punitive action against organisations when data controllers fail to comply with data protection legislation.

Data That The UK GDPR Protects

Not all data is protected by law. Only your personal and special category data. We have given a brief explanation of these types of data below.

  • Special category data – this is all of the data that can be used to find something out about you. Facts that could potentially be exploited. For example, your religion, ethnic background, trade union memberships, sexual orientation, etc.
  • Personal data – this is all of your unique, identifying information. Such as your name, address, date of birth, email address, phone number, etc. This could also be your key financial information, such as your debit card or credit card details or your bank account number.

What are the consequences of a UK GDPR breach? The UK GDPR provide 7 Core Principles that organisations need to implement to ensure that they are processing data correctly. When these principles or even rules are not followed it is possible that a personal data breach could occur that causes you, the data subject, financial and/or mental illness.

If your personal data is accessible by unauthorised parties, it could lead to a number of issues, such as identity fraud, hacking or even theft. If these issues have caused you some form of material loss or psychological harm, call our advisors today for a free case assessment.

For more information on how a breach of the UK GDPR could affect you get in touch with us at any time.

Statistics On A Breach Of The UK GDPR

According to data provided by the Cyber Security Breaches Survey 2022, we created the graph below. Usually, a small number of businesses take part in the survey around 1200. We have used the figures from surveys that date back from 2017 to the present day to create the graph you see below. It shows the number of businesses that have identified a cyber attack or breach.

Number of Firms Finding a Data Breach (2022 data)

What Evidence Do You Need To Claim For A Personal Data Breach?

As the data subject, if you believe that your personal data has been put at risk by a breach of the UK GDPR, you must prove that it was due to positive wrongful conduct by a data processor or controller in order to claim.

In certain cases, you may have received a GDPR data breach notification if your data was exposed. Any correspondence with the data controller could be used as helpful evidence for your claim. However, not all data breaches would require the data controller to inform you. 

If an organisation has suffered a data breach of any kind that affects your rights and freedoms they must inform you straight away. They must also report this type of breach to the ICO within 72 hours. You can report any data breach to the ICO, but you must do so within 3 months after your last contact with the data controller.

If you suffered mental health problems or financial losses, you will also need to prove the extent of these. To do so, you could potentially provide evidence such as:

  • Notes from a therapist
  • Other medical evidence, such as a mental health diagnosis from your GP
  • Bank statements

For more information on how to prove a data breach claim, get in touch with our advisors at any time.

How To Make Your Claim

If you intend to make a personal data breach claim following a breach of the UK GDPR, you will need to gather evidence, as listed above, that could support your claim.

Using a data breach solicitor can be very advantageous as they will know which evidence is best needed to support your claims. A solicitor can help you gather evidence that could be the most beneficial to your case and can guide you through every step of the claims process.

Once you have gathered your evidence, you must adhere to the Pre-Action Protocols for Media and Communication. Remember not all data breach victims are entitled to claim. If an organisation that has suffered a breach completely complied with data protection laws a claim is not likely.

Call our advisors today, not only can they provide you with free legal advice, they can also tell you if your personal data breach claim is likely to be awarded compensation. Where they can see a good solid case they can provide a specialist data breach solicitor to work on your claim.

What Could You Claim For After A Personal Data Breach?

When your personal data breach claim is successful following a UK GDPR breach, you can be awarded material and non-material damages.

The Judicial College produces guideline compensation brackets for a range of injuries and illnesses This document was last updated in 2022. We used these guidelines to create the table below, which lists figures for different psychological injuries you could potentially claim for.

It is also important to note that it may be possible to claim for psychological damage, even if you are not claiming for any monetary losses. This is due to the results of the Vidal-Hall and others v Google Inc [2015] Court of Appeal case. Similarly, after the Gulati & Ors v MGN Ltd [2015] case, it was decided that psychiatric injuries in data breach claims would be valued the same as they are in personal injury claims.

Psychological Injury Severity Information Damages
Psychiatric Damage Severe A mental illness of this severity will impair the life of the claimant. Work and home life will be impacted. A full recovery is unlikely. £54,830 to £115,730
Psychiatric Damage Moderately Severe Symptoms may be similar to the above in regards to difficulties with work, education and life in general. However, the prognosis for recovery will be more optimistic. £19,070 to £54,830
Psychiatric Damage Moderate There may have been mental health issues at first, but the claimant will have already improved some and will continue to do so. £5,860 to £19,070
Psychiatric Damage Less Severe Depending on how long the claimant suffered a mental illness, and how bad it was, the compensation award will differ. £1,540 to £5,860
PTSD (Post Traumatic Stress Disorder) Severe The life of the claimant will be severely and permanently impacted. For example, they may be unable to work and they have little chance of ever functioning at a pre-trauma level again. £59,860 to £100,670
PTSD (Post Traumatic Stress Disorder) Moderately Severe A case of post-traumatic stress disorder that is going to have a long-term negative effect on the life of the claimant. However, with professional help, they may be able to make some recovery. £23,150 to £59,860
PTSD (Post Traumatic Stress Disorder) Moderate The claimant would recover well, and any lasting symptoms would not be problematic. £8,180 to £23,150
PTSD (Post Traumatic Stress Disorder) Less Severe The claimant will have almost entirely recovered within 1-2 years. Only minor symptoms will last longer than this. £3,950 to £8,180

This table only deals with non-material damages (for pain and suffering). However, you could also potentially claim for material damages. This aims to cover any monetary loss caused by a data breach.

If you get in touch with our team of advisors, they will be able to tell you what you could potentially claim for under material and non-material damages, based on your own unique circumstances.

Can You Claim For A Breach Of The UK GDPR?

It can be possible to make data breach claims using a No Win No Fee solicitor. This means you would not need to pay any upfront fees to the solicitor before they start processing your claim for data breach compensation. You also do not pay your lawyer if the claim fails.

If your claim is successful, you would be required to pay your solicitor a success fee, taken from your final compensation amount. This fee is legally capped.

Why not get in touch using the details below:

Phone: 020 3870 4868

Contact form and webchat

Check These Resources To Learn More About Data Breaches

Here are some useful links.

Privacy Breaches: A Guide

Government Guide on Making a Complaint to the ICO

ICO Guide to Data Protection

Some more guides.

Lost Medical Records Compensation Claims

Can I Claim For A Data Breach If My Personal Data Was Not Locked Away Or Secured?

Human Error Data Breach Compensation Claims

UK Home Office Data Breach – Could I Claim Compensation?

Thank you for reading this guide on if you can claim for a breach of the UK GDPR. If you have any further queries, please don’t hesitate to get in touch at any time.

Written by CE

Checked by IR