Any person living in the EU who has suffered as a result of a data protection breach may be due compensation, this guide offers quick answers to those looking to understand where they stand in this eventuality. The information written here is intended as a guide only, should you wish to get further clarification on your situation, or find out if you could be due data breach compensation, then get in touch with us today.
Who can make a data protection breach compensation claim?
According to the GDPR, anyone living within the EU can make a claim after a data protection breach has caused them to suffer ‘material or non-material damage’. Individuals and organisations alike can claim compensation for data protection breaches.
In order to make a successful claim, it must be proved that the claimant has suffered as a result of the breach. The success of a claim and the amount of compensation that will be awarded will depend on the severity of the damage caused to the claimant.
What can you claim data breach compensation for?
The GDPR makes allowances for data protection breach claims to be made as a result of both material and non-material damages. Compensation can be made as a result of direct financial loss, as well as non-material distress.
Examples of data breaches can vary wildly, the most straight forward data breach compensation claim can be made when a data breach has directly led to an individual losing money. Claims can also be made for lost earnings, such as in the case where a claimant is terminated from a role as the result of a data protection breach.
In 2014 a precedent was set in UK law that a claim for compensation as a result of data breach could be made even if the claimants had not suffered any financial loss. The case of Juith Vidal-Hall (2) Robert Hann (3) Marc Bradshaw V Google involved a group of individuals suffering distress after learning that their ‘personal characteristics’ informed Google’s advertisements that were shown to them on their mobile devices, even after they had set their privacy settings to block third party cookies.
Claimants suffering from distress, anxiety or worry as a result of a data protection breach can claim for compensation to pay for any private treatment that they might require, such as counselling,. It’s also possible to claim if the breach has caused a recognised psychological condition, or had a general affect on the claimant’s domestic or social life.
How much compensation can you claim for a data protection breach?
Data protection breach compensation amounts vary from case to case depending on the type of claim that has been made and the severity of the distress or damage caused to the claimant. Cases involving ‘low risk’ personal information that is unlikely to lead to serious distress can be settled from between £750 and £1000 in compensation.
This should be considered the lowest end of the spectrum, and whilst it’s important that data protection breaches of all kind should be reported to the ICO, many solicitors will not consider taking on any cases of a lower value as they will not be able to take a suitable fee for their time spent processing the claim.
How much are solicitor’s fees for a data breach compensation claim?
Solicitor’s fees for data breach compensation claims vary dependant on the firm. Data Breach Help’s solicitors work on a No Win No Fee agreement which guarantees the claimant peace of mind in the event of case being taken on. Our solicitors only take on cases that they are confident in winning.
When a compensation claim is successfully made our solicitors take 25% of the awards won as their payment, the rest of the money awarded goes directly to the claimant. Should the case not be successful then the claimant will not be liable to pay a thing, unless they have deliberately mislead the solicitors, or backed out of the process after it has already been put in motion.
What law relates to Data Protection Breach compensation?
Article 82 of the GDPR relates to the right to compensation as a result of a data protection breach. It states that: ‘Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.’
The Data Protection Act 1998 was replaced by the General Data Protection Regulations and the Data Protection Act 2018 in May 2018. The introduction of these regulations and laws lead to a rush of emails being sent out from all manner of organisations. Many complained about this influx of legal babble in their inbox, but this dump of information led to the general public becoming more aware of their rights in relation to their data protection rights.
Can you receive data breach compensation from the Information Commissioner’s Office (ICO)?
The Information Commissioner’s Office (ICO) does not reward individuals or organisations with data breach compensation. The ICO is the UK’s independent authority governing information rights in the public’s interest, whilst they do not award compensation, they can fine organisations failing to meet their standards.
They serve an important role in the data protection sphere through the information that they publish on their website and their power to fine organisations who do not meet the standards set by the GDPR and Data Protection Act 2018.
Whilst the ICO does not have the power to award compensation to those suffering from a data protection breach, they do have the investigative authority to assess an organisation who has been reported as being guilty of a breach. Should the ICO support your assertion that an organisation has breached the GDPR or DPA 2018, then you will be in a better position to make a compensation claim against that organisation. However, it is not necessary for you to contact the ICO before making a data breach compensation claim.
Do you still have questions about data protection compensation? Use the contact form below to tell us about your breach, or start a chat for an immediate answer from one of our team.