GDPR data breach rights have never been more prevalent in today’s digitalised age, especially when we’re seeing more and more breaches taking place all of the time.
As specialists in group action compensation, a large proportion of the over 40 different group and multi-party actions that we’re involved with now include data protection issues. These range from some of the earliest actions, like the TalkTalk hack and the 56 Dean Street Clinic leak, to huge cases like the BA Data Breach Group Action that we’re on the Steering Committee for.
With this in mind, we wanted to make sure that people are clear on how GDPR affects their rights when it comes to making a claim for compensation.
GDPR data breach rights for compensation
When it comes to your GDPR data breach rights, there are two important things that are generally the most important:
- Ensuring that an offender is punished; and
- Justice for you.
The Information Commissioner’s Office (ICO) has the power to issue substantial fines to data breach offenders. Their first provisional fines using the new legislation have been set at £183m for the BA data breach, and £99m for the Marriott one.
Organisations have a duty to report data breaches to the ICO where the matter is serious enough. This should then trigger the ICO investigation where they can then decide whether to issue a financial penalty or not.
What about justice for victims?
Arguably, a fine that’s issued by the ICO doesn’t really do much for the victims in terms of the justice that they deserve for what they have had to go through.
Money that’s collected from ICO fines doesn’t usually go toward funding damages for victims either.
That being said, the GDPR data breach rights of a victim can entitle them to compensation as a separate matter to any financial penalties that are issued. If your information is exposed or misused, you have the legal right to seek compensation for any distress or loss that’s caused. This could be the distress caused by the loss of control of your personal data, or money that has been stolen due to fraud.
However, a recent court case has also paved the way for victims of a data breach to receive compensation in some cases even when there hasn’t been any distress or loss suffered.
Using your GDPR data breach rights to obtain compensation
We can make use of your GDPR data breach rights to be able to pursue a claim for compensation on your behalf.
We can represent you on a No Win, No Fee basis for eligible cases, and for big cases like the BA Group Action, we can also obtain funding and insurance. This is normally what you need to be in the position to take on a big company and fight for the compensation that you deserve.
If the organisation that has exposed or misused your data admits liability or is found to be liable, you can then be entitled to receive damages. If the claim is for distress, the claim will usually be valued based on the extent and severity of the suffering you have endured. If it’s for financial losses instead, or as well, the value of the claim will usually reflect what has been lost.
For free, no-obligation advice, please don’t hesitate to get in touch with our team.
The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields are required.