Everything you Need to Know About Data Breach Compensation
According to GDPR law, if a company that holds your data experiences a breach, you may be entitled to make a claim if you have suffered some form of loss or emotional distress as a result. A data breach has occurred when personal data is lost, destroyed, accessed, or disclosed in an unauthorised way, whether that is by accident or intentionally by someone inside or outside of the company. Data breaches can involve:
· Personal health information
· Medical documents
· Social services documents
· Financial information
· Sensitive, protected, or confidential information
Can you claim compensation for breach of data protection?
You can make a claim for data protection breach compensation due to GDPR if your life has been negatively impacted as a result of a company breaching the data protection law. The company might agree to pay the compensation to you without involving the ICO (Information Commissioner’s Office), so you don’t have to claim.
If you believe that your personal data has been lost or misused and you have experienced loss or distress, you could be able to claim for data breach compensation. However, data breaches can be complex and so it is advised that you report a complaint through the ICO, the UK’s data protection regulator and supervisory authority for GDPR compliance.
The ICO can investigate the incident and determine if a company is at fault for the breach. This process can be slow, but it will likely add weight to any compensation claim you might make.
You don’t have to contact the ICO or wait for its investigation to finish, you can bring a case against a company directly without getting the ICO involved. However, it will strengthen your case if they find there is a breach, and the company was in the wrong.
Who can you claim against for a breach of data protection?
You can start a claim for a data breach against anyone, whether they are an individual or company in any sector. In some cases, there can be more than one company involved in the claim.
Usually, GDPR claims, and data breach claims are settled outside of court.
How much data breach compensation can you claim?
The law surrounding data breach compensation is currently under development, the courts are yet to provide specific guidelines on what will be awarded. How much compensation you can get typically depends on the type of data breach and how it has impacted your life both financially and mentally. Compensation normally ranges from:
· £1,000-£1,500- for breaches of basic personal data. For example, name, date of birth, home address, and email address.
· £2,000-£5,000- for breaches of medical records.
· £3,000-£7,000- for breaches of financial information.
· £25,700-£42,000- for breaches that cause mental and physical illnesses like depression and anxiety to name a few examples.
How much compensation have previous victims been awarded?
The amount of compensation that previous victims have been awarded has risen over the years, with initial breaches of the Data Protection Act only winning around £2,500 in damages related to the disclosure of personal information. However, as companies have been gathering more private data over the years, more cases have been going to court, resulting in more victims getting higher amounts of compensation.
Do you have to go to court to get compensation for a data breach?
You do not have to go to court to get compensation, as the company might agree to pay you. If the organisation does not agree to pay, you might need to make a claim in court to obtain your compensation. You can start a claim for both material damage (if you have lost money) or non-material damage (if you haven’t lost money but have suffered emotional distress).