Data protection act: Can you be paid damages for distress?
Understanding your rights if a company has breached the Data Protection Act is essential. Associate Mo Hussain runs through everything you need to know about Data Protection Act breaches and your options for pursuing a claim.
Every organisation that handles your personal data is legally obligated to keep it secure. To do so, they are required to follow a range of procedures and guidelines set out in the Data Protection Act.
If you are the victim of a Data Protection Act breach, leading to your personal information being compromised, you will no doubt suffer from serious emotional distress. This is where making a claim for GDPR compensation for distress can go some ways to putting things right.
In this article, we will explore:
- What is the Data Protection Act?
- What is GDPR?
- What does a Data Protection Act breach look like?
- What happens is the Data Protection Act is breached?
- How do you quantify emotional distress damages for data breaches in the UK?
- How much compensation can you get for emotional distress in the UK?
- Can you get compensation for direct losses in addition to emotional distress?
- What should I do to pursue Data Protection Act damages for distress?
- How Hayes Connor can help with claiming Data Protection Act damages for distress
What is the Data Protection Act?
The Data Protection Act 2018 sets out how personal information can be used by organisations and businesses in the UK, as well as the Government or any public bodies. Acting as the primary framework for data protection laws in the UK, it replaced the previous Data Protection Act 1998.
There have been a number of changes to the current act to reflect the UK’s exit from the European Union. These were put into effect at the start of 2021.
The Data Protection Act is divided into many different sections which all perform a range of functions. One important section that you should be aware of is UK GDPR.
What is GDPR?
GDPR (General Data Protection Regulation) defines the key principles for the collection, storage and processing of personal data in the EU. UK GDPR is the UK’s implementation of these rules.
The terms of UK GDPR set out seven key principles which dictate how organisations should process personal data. These are:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Failing to comply with UK GDPR could lead to a breach of the Data Protection Act. The consequences of this can be extremely serious, with affected individuals being in a position to claim Data Protection Act damages for distress.
What does a Data Protection Act breach look like?
UK GDPR provides very clear guidelines on what a personal data breach will look like. To summarise, it will involve “the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
Generally speaking, there are two ways in which a breach of the Data Protection Act could occur. They could be the result of a human error, or they could be caused by a malicious attack from an unauthorised third party.
In either case, even if an organisation did not directly cause a data breach, they will still be considered responsible and will be subject to a range of punishments.
What happens is the Data Protection Act is breached?
If the Data Protection Act is breached by an organisation, they are required to follow a range of strict processes when reporting the matter.
If any individuals have been affected by the breach, the responsible organisation must notify them without delay. They must also explain the following:
- The contact details of data protection officers who can be contacted
- A description of the data breach and any consequences
- A description of any measures that have been taken/are being undertaken to address the data breach and mitigate further incidents
- Advice on steps that can be taken for individuals to stay protected
Individuals who were affected by the breach of the Data Protection Act may also be in a position to claim compensation. This includes data breach distress compensation.
How do you quantify emotional distress damages for data breaches in the UK?
The potential impact of a data breach can be huge. If an organisation is responsible for exposing your personal data, such as your financial, medical, or contact details, you may understandably be put under huge amounts of distress.
When we talk about data breach distress, we are referring to the anxiety and emotional strain and psychological damage that arises as a direct result of being a victim of a data breach.
To make a claim for data breach distress compensation, it needs to be clearly demonstrated that:
- Your personal data has been exposed
- This was the result of a data breach that could have been avoided
- You have suffered distress as a direct result of the breach
It is important to note that, just because you have not experienced any specific negative consequences, this does not mean a data breach will not have an impact on your mental health.
The emotional impact of a data breach on your friends and family can also be taken into consideration where appropriate.
How much compensation can you get for emotional distress in the UK?
The amount of data breach distress compensation you may be able to receive will vary depending on the circumstances of your case. This will include the type of data that was exposed, the perceived impact on your emotional wellbeing and whether you have also experienced any other losses (such as direct financial losses).
Can you get compensation for direct losses in addition to emotional distress?
Yes, you will be able to claim compensation for any direct financial losses, or identity theft, that you have also experienced.
If an unauthorised third party is able to access any of your financial information, they may be able to take a range of actions, including applying for credit in your name, setting up a fraudulent bank account or accessing any existing accounts you have in your name.
What should I do to pursue Data Protection Act damages for distress?
If you have experienced emotional distress as a direct result of a breach of the Data Protection Act, there are a number of steps you should take:
File a report with the ICO
If you have learned that you are the victim of a data breach, and this has caused distress for you and your family, the Information Commissioner’s Office (ICO) should be made aware. The organisation responsible for a data breach should do this themselves, but you can also file a report yourself.
A report from the ICO can be used to support your claim for GDPR compensation for distress.
Change your details
It will usually be a good idea to update your personal credentials where you are aware that they have been exposed. This will give you peace of mind and go some way to repairing the psychological damage caused by the data breach.
Speak to a data breach solicitor
If you wish to pursue Data Protection Act damages for distress, a specialist data breach solicitor can work alongside you to get the process underway.
At Hayes Connor, our expert data breach solicitors can meet you with you to discuss your situation and the emotional impact that a data breach has had on you. We can then advise you on whether you will have sufficient grounds to make a claim and advise you on the steps that need to be taken moving forward.
How Hayes Connor can help with claiming Data Protection Act damages for distress
If you have been notified that your personal data has been compromised following a breach of the Data Protection Act, our data breach solicitors may be able to support you in making a claim for data breach distress compensation.
At Hayes Connor, we have one of the largest teams of data breach specialists in the country. We have a wealth of combined experience and expertise in handling a wide range of data breach claims, meaning we will be able to advise you on whether you will have grounds to make a claim, the level of compensation you might receive and how the process will work.
We want to ensure that anyone affected by a data breach is able to access the compensation they deserve, while also making the claims process as straightforward as possible.
To start a claim, you can use our online claim form and we will get back to you shortly to let you know if we believe you have grounds for compensation.
If you would like to speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135.