Data breach is a cyberattack, which entitles the victim to claim compensation against both-the material and non-material loss. The Data Protection Act (DPA) 2018 and UK GDPR give the right to make the claim.

Before discovering about how you can claim, first understand what the data breach is.

When a person or organisation intentionally or unintentionally accesses personal, sensitive or financial information without the knowledge of the data subject (the owner of that information), it is the case of data breach. This information may be a confidential credit card number, trade secrets or any other data. 

When can you claim for data breach compensation?

Before a claim, you should know when you can be eligible to get the compensation for data breach. Here is a roundup of such conditions that make you eligible for it:

• When your personal data has been leaked, disclosed, misused, corrupted and even, hacked
• When you lose the information that does not matter with the economic loss, but the peace of mind
• When the breach was intentionally or unintentionally done
• When this incident of loss occurred in less than 6 years
• When the company misuses it in the name of free credit monitoring or anything else, excluding data breach settlement compensation

Once you are sure that you are eligible, the DPA and GDPR ensure proceeding with the claim making.

How can you get compensation?

There are two ways to get compensation.

1.  Try to Settle Matter Out-of-Court

• At first, ask the responsible for data breach organisation or person to pay for the damage. This is how may not need to move to the court if it agrees to pay for.

• If it does not agree to compensate for the loss, your second step would be to file the case in the court.  Then, the court will decide whether or not the organisation would be penalized with fines or sanctions.

However, the victim is recommended to take an advice from an experienced solicitor or the legal matter expert in this type of claims. His guidance would strengthen your case during the trial. As he knows about the pre-action protocols before any legal trial, you won’t get to the wrong way.  

2.  Trial

If the culprit organisation/ individual fails to reach an agreement, the victim may apply to the court with an action to be entitled for the claim under the DPA. The ICO or the Information Commissioner’s Office has the authority to enforce data protection obligations and protect privacy rights of people.

There are some web resources of the UK government that can guide you on how to bring a claim in England & Wales, Scotland and Northern Ireland.

• Information Commissioner’s Office or ICO

As aforesaid, it is a government authority that looks into all matters of data breach and privacy of data. It provides you the platform to file a complaint directly to the ICO. Your complaint is reviewed and then, it shares its opinion on the case.

This authority cannot award any compensation against the data breach. But, it helps to discover that you may be entitled to claim. Moreover, it may help you to determine the potential for the out-of-court settlement and in-court enforcement for the claim. 

This office has a power to penalise the culprit for the violation. But, only a strong legal advisor can accurately guide you on how to get the compensation. The DPA, 2018 has empowered it to reclaim any expenses that you have incurred on the investigation of the complaint. This reclaim is compensated from the settlement costs awarded at pre-court or in-court trial.