The General Data Protection Regulation (GDPR) empowers individuals to claim compensation from organisations for breaches of data protection law. The GDPR grants individuals the right to claim compensation for both “material damage” (e.g. financial losses) and “non-material damage” (e.g. distress) resulting from a breach of data protection law. The Information Commissioner’s Office (ICO) which is the UK privacy watchdog can’t award compensation, but individuals have the right to pursue it independently.

 

While court proceedings are not mandatory for obtaining compensation, organisations may agree to pay without legal intervention. However, if a resolution is not reached amicably, the next step involves making a claim in court. Seeking independent legal advice before proceeding is highly recommended to assess the strength of your case.

 

What Happens When You Take a Data Breach Claim to Court?

 

Before initiating court proceedings, individuals must demonstrate that they have attempted to settle the claim. This involves communication with the responsible organisation to explore potential agreements. 

 

If an agreement still can’t be reached, individuals can apply to a court to enforce their data protection rights and, if seeking compensation, can pursue this as a standalone claim or combine it with an action to enforce their rights. 

 

The compensation awarded in a successful data breach claim is at the discretion of the judge presiding over the case. Factors considered include the severity of the breach and its impact on the claimant, particularly in terms of the distress suffered. The court’s decision will be influenced by a comprehensive evaluation of all circumstances.

 

In case an organisation refuses or is unable to pay the awarded compensation, individuals have the option to seek guidance from the court on enforcing the judgment. It’s essential to be aware that the court may also consider awarding costs, either in favour of or against the claimant, depending on specific circumstances. Seeking independent legal advice remains crucial to understanding the potential risks associated with initiating a data breach claim.

 

Claiming Compensation for a Data Protection Breach

 

The aftermath of a data protection breach can leave individuals grappling with distress and potential harm such as financial or reputational. The amount of compensation awarded in a successful data breach claim is at the discretion of the judge overseeing the case. The judge considers all circumstances, focusing on the severity of the breach and its impact on the claimant. Assessing the distress suffered is a pivotal element in this evaluation, reflecting the emotional toll on the individual.

 

For a valid claim under the UK GDPR, it is crucial that the breach involves the exposure of personal data and that the claimant suffered harm as a direct result. The potential compensation for such breaches varies based on the type and duration of the harm experienced. For example, a diagnosis of anxiety disorder resulting from the breach could lead to compensation ranging from £3,950 up to £110,000, depending on the duration of symptoms.

 

To substantiate a valid claim, claimants must provide evidence demonstrating that the breach occurred due to the failings of the data controller and/or processor, resulting in psychological or financial harm. For psychological injuries, medical notes or reports from therapists can serve as evidence. In cases of financial loss, providing documents such as invoices, receipts, bank notification letters, and bank statements strengthens the claim.

 

 

Share this Article
Leave a comment

If you or your loved one has a possible claim, we’re here to assist.

Submit the contact form or ring us directly, and we’ll provide a no-obligation consultation.

Contact Us

Recent News

Latest News

Secret Energy Broker Commissions
Lost your password?