Data Protection & UK GDPR

What is your personal data?

This can be your private contact information, login details, passwords, bank account or payment details or medical information. If you would like more information on the definition of ‘personal data’ please click on the link to the Information Commissioner’s Office website.

Data made available publicly?

Have you suffered damage or distress as a result of your sensitive information being lost, misused or hacked?

Cybercrime and hacking is on the rise and those organisations who hold your personal information (also known as ‘Data Controllers’) are obliged to protect it under the data protection laws. If they however fail to do so and you suffer damage or distress as a result, we can assist you in claiming the compensation that you may be entitled to claim.

Example:

If your private contact information were obtained by hackers in a cyber-attack and the data controller had failed to take reasonable security measures to protect this data, it is likely that you may have suffered distress. This could have been from the worry and stress of being the victim of an identity fraud or from having to switch bank accounts and then take remedial measures.

In a severe case you may have actually become the victim of an identity fraud and lost money.

What is distress?

Distress can be described as ‘extreme anxiety, sorrow or pain’.

This could also be caused if your sensitive personal data was inadvertently disclosed online, for example by a vulnerability in the data controller’s website being exploited. This may be information that you would not want to be publicly available, because it is private or highly sensitive and the fact that it has been made public may cause you to suffer psychologically.

Please note that medical evidence is not required to prove distress and/or anxiety but if you are greatly affected by the breach then we would strongly recommend that a report be obtained from a Psychiatrist.

Your legal rights

Under the previous Data Protection Act 1998, as well as under the UK General Data Protection Regulation (UK GDPR), a new law that came into force in May 2018 and was then subsequently amended following Brexit in 2021, individuals have a number of rights, which we can advise upon. They include the right to obtain a copy of the personal information that data controllers hold about them. This is known as a Subject Access Request (aka ‘SAR’).

How much compensation will I receive?

This is not an easy question to answer as each case is fact specific but as a rough guide, the following amounts can be used as a starting point:

Medical Information – £5,000

Financial Information – £3,000

Minor breach – £750

Data not provided?

In many cases, data controllers fail to have full regard to these rights and refuse to provide the data that individuals are legally entitled to. We can help because we have experience of successfully applying to the court for an order to make them provide the appropriate information to you plus we may be able to obtain an award of damages for the stress and anxiety caused.

Funding

We are able to offer our litigation services on either a privately paying basis or conditional fee basis depending on the facts of the case and our initial view on the prospects of success.

Please note that our hourly rates for data litigation start at £175.00 plus VAT which are in accordance with the SCCO’s Guidelines Hourly Rates for this complex area of law and we may also be able to offer a fixed fee arrangement which would be dependent on when the matter would eventually settle.

Action!

Please call us on 0161 850 9911 and we will happily answer your questions.