Who Can Claim After A UK GDPR Breach?

By Marlon Madison. Last Updated 9th September 2022. The UK General Data Protection Regulation UK GDPR sits alongside the Data Protection Act 2018 which require organisations (data controllers), those who process the personal information of data subject’s, to protect and secure it.

Who Can Claim After A UK GDPR Breach?

Who Can Claim After A UK GDPR Breach?

This guide will explain if you can make a claim after a UK GDPR breach. If organisations fail to comply with data protection laws, especially those mentioned above, not only can they be fined by the Information Commissioner’s Office ICO, but that will be putting your personal and sensitive data at risk.

If a breach of the UK GDPR compromised the protection of your data, you might have experienced emotional distress or financial losses. UK Law can help to assess any potential data breach claim you have. We can provide you with free legal advice about claiming compensation for a data breach. Moreover, our panel of solicitors can manage your claim to ensure you get the compensation you deserve.

To find out if you can claim after a UK GDPR breach, please get in touch with us today:

On the other hand, you can keep on reading to learn more.

Select A Section

What Is A Claim After A UK GDPR Breach?

To claim data breach compensation, firstly, you must prove that the organisation you hold responsible for the data breach failed to adhere to data security regulations i.e. breached the UK GDPR. Secondly, as not all data is protected by the data protection laws personal or special category data that belongs to you must have been involved in the breach. Thirdly, the personal data breach will need to have caused harm in the form of financial losses or mental illness in order for you to have a valid claim. 

Please get in touch with us today to enquire about claiming data breach compensation.

Data Protected By The UK GDPR

Personal data is data that identifies an individual. Here are some examples of personal data an organisation may collect:

  • Name
  • Address
  • Date of birth
  • Email address
  • Phone number
  • Bank account details
  • Username or password

In addition, an organisation may collect sensitive data, such as your medical data. The UK GDPR refers to sensitive data as special category data with special protection.

What Is A Breach Of The UK General Data Protection Regulation?

To make a claim after a UK GDPR breach it must first be established whether the organisation is responsible for the data breach. A personal data breach is a security incident that involves identifiable information and special category data. This information could have been lost, stolen accessed without authorisation, disclosed or destroyed without a lawful basis.

Data breaches can include the following examples:

  • An organisation loses personal data. For example, a lost device
  • An employee leaves physical files containing personal data in an insecure environment.
  • The organisation alters, destroys or encrypts personal data in a security incident
  • An unauthorised person gains access to personal data.
  • The organisation discloses your data unlawfully.

Under the UK GDPR, a data controller or data processor must responsibly handle data. The data controller must not share your data without a lawful reason.

The UK GDPR has 7 key principles. These principles fully explain how a data controller or processor should handle your data. A data breach can occur if an organisation fails to uphold the key principles of the UK GDPR.

How Do I Report A Breach Of The UK GDPR?

If an organisation has breached your personal data, you should receive a notification to explain what has happened. The organisation is only required to inform you of the data breach if your rights and freedoms are impacted. Under these circumstances, the organisation is also required to report the breach to the Information Commissioner’s Office (ICO).

The ICO may investigate and fine the organisation for failing to comply with data protection laws. You can get in touch with the organisation that breached your data and ask for an explanation.

If you do not believe the organisation that breached your data has taken the matter seriously enough, you can make a complaint to the ICO. Please get in touch with UK Law today, and if you have legitimate grounds to claim compensation, our panel of solicitors can start working on your claim.

What Evidence Do You Need To Claim After A UK GDPR Breach?

If you decide to make a claim after a UK GDPR breach, then gathering evidence to prove your case is vital. If you suspect that an organisation may have suffered a data breach but they have not contacted you to say so, it is important that you notify them about your concerns.

You can write to them stating that you believe your information has been involved in a breach. The data controller should provide you with the information you need. Always keep any letters or other correspondence that prove your personal data has been breached. If you are not happy with the way the data controller is dealing with the situation you can report the breach to the ICO. If they decide to investigate, any conclusions may add weight to your data breach claim.

It will be a good idea to begin to collect other evidence for damages you wish to claim for. This could be medical records that show how your mental health has suffered for example stress caused by a data breach. Along with any bank statements and receipts to show your financial losses.

Evidence You’ll Need For A Material Damage Claim

If your personal data has been put at risk due to a breach of the UK GDPR, a claim could potentially be made if you were psychologically or financially harmed.

If you have suffered financial loss as a result of a personal data breach, this is referred to as material damage in a data breach claim. Under the Data Protection Act, damages for distress can also be claimed, though this is referred to as non-material damage and is calculated differently.

Compensation for financial harm can be calculated directly based on the evidence of losses that a claimant can provide.

So, for example, if a data breach had led to someone stealing money from your bank account, you could present:

  • Bank statements
  • A police report
  • Emails or other written correspondence with the bank

If you were unable to work because of the breach, you could present:

  • Dated emails from the faulting party
  • Payslips, past and present, showing your affected earnings

This is applicable to a number of different situations. For questions you may have about the supporting evidence you could collect, please reach out to a member of our team to discuss claiming for financial losses because of a breach of data protection in the UK.

Personal Data Breach Claims Calculator

There are two heads of claim that you could receive for a successful personal data breach claim:

  • Firstly, you can receive material damages—compensation for the loss of money or assets that the data breach caused.
  • Secondly, you can receive non-material damages. Compensation for the emotional distress or mental health injuries the data breach caused.

You can use the table below to estimate non-material damages. The compensation amounts in the table are advisory. So, please be aware that you may receive a different settlement. You can contact us, and an advisor can give you a personalised quote based on your personal circumstances.

Mental Health Injury Damages About The Injury
Post- Traumatic Stress Disorder – Severe £59,860 to £100,670 All aspects of this persons’ life could be badly impacted. There will be permanent effects and the person will not be able to work at the same level prior to the injury.
Post- Traumatic Stress Disorder – Moderately Severe £23,150 to £59,860 The effects of the injury are likely to cause this person to have a significant disability into the foreseeable future. However, there is a better prognosis for being able to recover some.
Post- Traumatic Stress Disorder – Moderate £8,180 to £23,150 Largely, a recovery should have been made. If any symptoms do remain they are not grossly disabling to the person.
Post- Traumatic Stress Disorder – Less Severe £3,950 to £8,180 An almost full recovery has been made by the claimant. This should have occurred in 1 – 2 years and any symptoms left will only be minor.
Mental Health Illness – severe £54,830 to £115,730 Claimants will have experienced marked problems impacting all parts of this person’s everyday life.
Mental Health Illness – Moderately Severe £19,070 to £54,830 Claimants have a better prognosis than the most severe category. The injury could have impacted all of this person’s life.
Mental Health Illness – Moderate £5,860 to £19,070 Claimants have started to make some improvement by the claim goes to a trial, if there is a need for a trial.
Mental Health Illness – Less Severe £1,540 to £5,860 How much compensation is paid out will depend upon how long any symptoms lasted for and how serious these are.

We used the latest, Judicial College Guidelines 2022 16th edition, to provide the compensation amounts in the table. Data protection solicitors use these guidelines to help them value data protection breach claims.

How To Start Your Claim After A UK GDPR Breach

If you want to make a claim after a UK GDPR breach exposed your personal data, UK Law can help you. Our panel of solicitors can handle your claim as a No Win No Fee case.

You will sign a Conditional Fee Agreement CFA, where parties agree that instead of paying a solicitors fee upfront, you will pay a success fee if the outcome of your compensation claim is successful.

To begin your personal data breach claim, please get in touch with us today:

  • Call our advice line on 020 3870 4868
  • Contact us in writing to see if you can begin your claim online
  • Alternatively, you can ask us a question using our Live Chat widget

Find Out More About The UK GDPR and Compensation Claims

We have included extra information about making a data breach claim and the UK GDPR.

Guide to the UK General Data Protection Regulation (UK GDPR) – An ICO guide

Exemptions to the UK GDPR – An ICO guide

Data protection complaints – a guide from the ICO

Can I Claim For A Data Breach If My Personal Data Was Not Locked Away Or Secured?

Wrong Email Address Data Breach Compensation Claims

Stolen Paperwork Data Breach Compensation Claims

If you have any more questions after reading our guide to a claim after a UK GDPR breach do not hesitate to call our claims helpline today.

Writer AL

Checked by IE.