A Company Has Misused My Personal Data – Can I Sue?
By Emily Jones. Last Updated 2nd May 2023. In this guide, we will provide information on the data breach claim process if you have experienced financial harm or psychological damage after a company misused your personal data.
All companies must comply with the UK General Data Protection Regulations (GDPR) and the Data Protection Act 2018 to ensure they are protecting your personal data from being breached.
Furthermore, the Information Commissioner’s Office is an non departmental public body responsible for the governing and overseeing of data protection laws.
They ensure that data controllers, those who say why and how data will be processed, uphold information rights and data privacy. It takes action against data controllers or processors in certain instances where they have breached the laws that protect your personal data.
In some cases, organisations that process your personal data (data controllers) may fail to comply with personal data regulations leading you to experience financial damage or psychological harm. In this instance, you may be able to make a personal data breach compensation claim.
We understand the process of making a claim may seem complex. However, this guide will look at the evidence you could provide to support your compensation claim.
Additionally, we will provide information on the benefits of using a No Win No Fee solicitor to make your claim.
We hope you find the information you need in our guide. However, if you have any questions whilst or after reading, please get in touch by:
- Calling us on 0800 073 8804
- Contacting us via our online claim form
- Using the live chat feature at the bottom of this screen.
Select A Section
- How Could A Company Have Misused Your Personal Data?
- Is The Misuse Of Data A Breach Of Data Protection Law?
- Misuse Of Data – Examples
- Who Could You Make A Data Breach Claim Against?
- What Could You Claim For The Misuse Of Data?
- Start A No Win No Data Misuse Compensation Claim
How Could A Company Have Misused Your Personal Data?
To understand how a company may have misused your personal data, it is important to know what a personal data breach is. A breach of your personal data may result from a security breach that leads to your personal data being unlawfully or accidentally:
- Destroyed
- Lost
- Altered
- Disclosed without authorisation
- Accessed without authorisation
Article 4 of the UK GDPR classifies personal data as information relating to an individual that may directly or indirectly identify that person. For example, name, an identification number, location data, an online identifier could all be used to identify you (the data subject) in some way.
If you have experienced a personal data breach because a company misused your personal data, get in touch with our advisors to find out if you could be eligible to claim.
Is The Misuse Of Data A Breach Of Data Protection Law?
As stated above, the UK GDPR and Data Protection Act 2018 are there to protect your personal data. This includes your name, date of birth, address, and email address. Data considered to be extra sensitive is given additional protection. For example, your racial background or political opinions.
The laws in place prevent the misuse of data by setting out seven key principles for data processing. Data processing is anything done to or with personal data, such as collecting, recording, storing, altering or destroying.
Article 5 of the UK GDPR sets out the principles relating to personal data processing:
- It must be processed lawfully, fairly and in a manner that is transparent.
- Legitimate purposes are required for processing. This includes further processing, such as archiving.
- It must be adequate, relevant, and limited to what is necessary.
- It must also be accurate and up to date.
- Personal data mustn’t be kept for longer than necessary.
- Processing must occur in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing as well as accident, loss, destruction or damage and using appropriate technical or organisational measures.
This means that organisations processing personal data must ensure that all staff with access have data protection training. Appropriate training prevents a breach of data protection, which could occur accidentally through human error. For example, there should be training and policies in place to prevent a verbal disclosure.
Additionally, organisations must take steps to prevent unlawful personal data breaches, such as having adequate cybersecurity for any data that is processed digitally. However, non-digital personal data storage, such as a filing cabinet would require locks to be compliant with the law.
Call our advisors for free legal advice. They can assess your claim’s chances of succeeding. If it seems eligible you could be connected to one of our No Win No Fee solicitors.
Misuse Of Data – Examples
A misuse of your data by a company could cause harm to your mental health or you may experience financial loss due to a personal data breach. In order to be eligible for data breach compensation, you must prove you have suffered due to the breach caused by a company.
To give you an idea of what could form the basis of a valid data misuse claim, we’ve featured some examples below:
- A company might send sensitive data, such as medical information, to the wrong recipient
- If a company does not correctly dispose of your personal data, it may be accessed by someone who is unauthorised
- Should a company fail to update their online security systems, your personal data might be hacked by cyber criminals
It’s important to get in touch if you think your data has been breached and you have suffered harm as a result. You may be owed compensation and our data breach solicitors could help you secure it.
Who Could You Make A Data Breach Claim Against?
It may be possible to make a data breach claim against an organisation that holds your personal data, whether they are in the public sector, private sector or charitable sector. However, your claim will only be valid if the breach of your personal data caused you financial and/ or psychological harm as a result of the organisation’s wrongful conduct.
The following parties could hold your personal data:
- Employers
- Internet service providers
- Mobile service providers
- Banks and other financial service providers
- Medical service providers
In order to support your data breach claim, you should gather evidence that you have been affected by the breach. This could include bank statements or credit reports that show the financial losses you have experienced. You could also provide medical evidence.
Additionally, you could make a complaint to the organisation responsible. The communication you have with the organisation could be used as evidence to support your claim.
Furthermore, you could report a data breach to the ICO. Whilst the ICO can’t offer compensation, their findings can be used as evidence in your compensation claim for the misuse of data.
What Could You Claim For The Misuse Of Data?
You could be entitled to compensation if you suffered harm due to a data breach. It is important to note that you can only claim for misuse of data that is personal, as previously stated in the sections above.
Following a successful personal data breach claim, you could be compensated for your material and non-material damage.
Material damage refers to any financial losses you have incurred as a result of the personal data breach. For example, if your credit or debit card information was involved in the breach, this could lead to fraudsters accessing your finances and making charges to those accounts. You will need to provide evidence of your material damage, such as bank or credit card statements.
Non-material damage refers to the psychological harm you have endured due to the personal data breach. For example, you could suffer from anxiety following a personal data breach.
Many legal professionals will refer to the Judicial College Guidelines (JCG) to help them value claims. This is because the JCG lists compensation guidelines for various physical and psychological injuries. We have used some of the amounts stated in the 16th edition of the JCG for the table below. Please only refer to this table as a guide.
Injury | Severity | Injury Bracket | Notes |
---|---|---|---|
Psychiatric Damage Generally | Severe | £54,830 to £115,730 | You may unable to cope with working and life in general. |
Psychiatric Damage Generally | Moderately Severe | £19,070 to £54,830
|
The prognosis is a lot more better than the bracket above. |
Psychiatric Damage Generally | Moderate | £5,860 to £19,070
|
There is an improvement in your ability to cope with working. |
Psychiatric Damage Generally | Less Severe | £1,540 to £5,860 | Daily activities might still be affected but not to the extent as in the brackets above. |
Post-Traumatic Stress Disorder (PTSD) | Severe | £59,860 to £100,670 | You may be unable to work and all aspects of your life are detrimentally affected. |
Post-Traumatic Stress Disorder (PTSD) | Moderately Severe | £23,150 to £59,860 | The prognosis may be better after receiving professional help. |
Post-Traumatic Stress Disorder (PTSD) | Moderate | £8,180 to £23,150 | You will have recovered to an extent. |
Post-Traumatic Stress Disorder (PTSD) | Less Severe | £3,950 to £8,180 | A virtually full recovery is made by one to two years. |
To see whether you could make a claim for personal data misuse, you can contact our advisors.
Start A No Win No Fee Data Misuse Compensation Claim
A No Win No Fee agreement offers a way to fund legal representation. Using a No Win No Fee solicitor means you won’t have to pay any upfront or ongoing costs. Furthermore, if your case is unsuccessful you won’t pay your solicitor a success fee.
However, if you are awarded compensation, a success fee in the form of a legally-capped percentage will be deducted from your compensation.
Contact our advisors today for more information. If your claim is strong enough, you could be put in touch with one of our experienced data breach solicitors. They all operate on a No Win No Fee basis and could take your claim if it has a solid chance of success.
You can get in touch by doing the following:
- Calling us on 0800 073 8804
- Contacting us via our online claim form
- Using the live chat feature at the bottom of this screen.
Learn More About Data Privacy
For more reading on data privacy, you may find the following resources useful.
- What is personal data? – The ICO offers further context on personal data and data privacy.
- Action the ICO has taken – Learn more about the action the ICO has taken against organisations.
- Special category data – Understand what can be defined as special category data with this guide from the ICO.
Below are some additional guides that may help you understand more about making a claim for a personal data breach.
- My Personal Data Has Been Lost After A Breach, What Are My Rights? – Find out what your rights are if your personal data has been breached.
- How To Report A Data Breach Incident – Further guidance on what steps you should take when reporting a data breach incident.
- Lost Or Stolen Paperwork Data Breach Claim – A helpful guide on the steps you could take to seek compensation following a similar incident.
- Find out if you could claim if your GP signed off the wrong person in a personal data breach with our guide.
- Learn what personal information can be shared without consent in the UK and find out if you could claim for a personal data breach.
- Advice on making a lost files data breach claim. Get more information on when you could make a claim with our guide.
We hope you have found this guide helpful. If you have any further questions on what to do if a company has misused your personal data, get in touch today.
Guide By Jennings
Edited By Melissa/Mitchell.