When Can You Claim For A Data Breach By A Data Processor?

Having your personal information compromised in a data breach can lead to you suffering emotional and/or financial harm. In this guide, we will cover how you can claim for a data breach by a data processor. 

Data processors are responsible for processing your personal information for an organisation. Before we explain who data processors could be, we explain what legal responsibilities they have under data protection law and when you could be eligible to claim for a data breach by a data processor. 

After this, we explain what evidence you could collect to prove that a data processor has breached your data protection. Additionally, we look at examples of guideline figures for a data breach claim. 

We also explain how No Win No Fee agreements work at the end of this guide, should you have an eligible data breach claim and wish to be represented on this basis. 

Our team of advisors may be able to connect you to our panel of specialist No Win No Fee data breach solicitors once they have confirmed your claim eligibility. So, to have a chat about your circumstances, please use one of our free contact services below:

The words 'data breach' written on a red stop sign with a plain white background.

Jump To A Section

  1. Can I Claim For A Data Breach By A Data Processor?
  2. What Is A Data Processor?
  3. How To Show A Data Processor Breached Your Data Protection
  4. Examples Of Payouts For Data Processor Breaches
  5. No Win No Fee Data Breach Claims
  6. Further Information On Making A Claim For A Data Breach By A Data Processor

Can I Claim For A Data Breach By A Data Processor?

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) are the two pieces of data protection legislation that outline what responsibilities data controllers and data processors have in regards to your personal information. These parties must ensure that your personal information is handled, stored, and processed safely. We explain what a data processor and a data controller are in the following section. 

If the above laws are not adhered to, this is wrongful conduct. In some cases, wrongful conduct can lead to a personal data breach. The Information Commissioner’s Office (ICO) defines personal data breaches as an incident of security that compromises the integrity, availability, and confidentiality of one’s personal information. The ICO is an independent body that upholds information rights for UK residents. 

Moreover, Article 82 of the UK GDPR establishes what criteria must be met in order to have an eligible data breach compensation claim:

  • A data processor or data controller did not adhere to their responsibilities outlined under the UK GDPR and DPA. For example, a data processor did not implement secure cyber security systems to protect the personal data they were processing.
  • Because of this, your personal information was compromised in a data breach. For example, there was a cyberattack due to there being weak online security measures in place.
  • You suffered emotional and/or financial harm due to the breach. 

A data controller has different responsibilities under the UK GDPR than a data processor. The processors work solely in the interests of the controllers.

Time Limits

There is also a limitation period in which you must begin a claim for data protection breach compensation. This time limit is generally 6 years, although there are certain exceptions.

Speak to an advisor from our team to confirm whether you are eligible to make a data breach claim today.

What Is A Data Processor?

Data controllers are organisations that decide how and why your personal information should be processed. 

Data processors are parties that actually process your personal information, typically on behalf of data controllers. 

If data controllers do not want to outsource the task of processing personal information to an alternative party, then they could decide to process personal information themselves. 

Therefore, if your personal information was exposed due to a data processor not adhering to data protection law, then please contact us and explain your circumstances. You may be able to claim for a data breach by a data processor.

A close up of a white keyboard. On the shift key below the enter bar, there are the words 'data breach' written with a green background and a purple envelope symbol.

How To Show A Data Processor Breached Your Data Protection

Providing evidence can prove that a data processor did not adhere to data protection law. Evidence can also prove how a personal data breach has happened and if you have suffered financially and/or emotionally. 

Thus, below are the different types of evidence that you could collect to strengthen your data breach claim:

  • Medical records. Getting copies of your medical records and keeping a symptoms diary can show how you have been affected psychologically due to a data breach. 
  • Financial records, for example, bank statements or payslips. This can show what finances you have lost due to a data breach. 
  • Emails or letters of correspondence between you and the responsible party. If your rights and freedoms have been compromised in a data breach, the responsible party (in this case, the data processor) must send a notice letter to let you know, without undue delay, that a data breach has occurred. The responsible party must also let the ICO know that a data breach has occurred within 72 hours of being aware of it. 
  • Investigation findings. If the correspondence from the responsible third party has not been adequate, you can report this to the ICO. While the ICO is not obligated to investigate the incident, they could choose to. If they do, you can keep hold of their investigation findings.

If you are eligible to make a data breach claim and are connected with our panel of solicitors, they can help you collect evidence. Collecting evidence is just a part of their services. So, to potentially be connected with our panel, please get in touch with our advisors. 

Examples Of Payouts For Data Processor Breaches

If your claim for a data breach by a data processor is successful, you could possibly receive compensation for both non-material and material damage. You can receive compensation for just one of these types of damage too. 

Non-material damage is the emotional harm suffered following a personal data breach. This includes if you have developed any mental health condition such as stress, depression, Post-Traumatic Stress Disorder (PTSD), or anxiety due to your personal information being compromised. 

While the value of your non-material damage is calculated, your medical records and the Judicial College Guidelines (JCG) may be looked at. The JCG is a document containing different guideline compensation values for different types of psychological injuries.

Compensation Table

Below is a table with different psychological injuries and their guideline compensation values taken from the JCG (the top row is not from the JCG). 

However, no specific amount of compensation can be guaranteed for data breach cases since all claims are unique. 

InjurySeverityGuideline compensation figureNotes
Very severe psychological damage along with material damageVery severeUp to £250,000+An award for very severe mental health damage along with significant financial losses such as lost earnings.
Psychiatric damageSevere (a)£54,830 to £115,730Several areas of the person's life, such as coping with work and relationships with family and friends, will have marked problems. The prognosis is also very poor.
Moderately severe (b)£19,070 to £54,830Several areas of the person's life, such as above, will have significant problems. Although the prognosis will be more optimistic.
Moderate (c)£5,860 to £19,070Although there are problems with several areas of the person's life, there will be marked improvements. The prognosis will also be good.
Less severe (d)£1,540 to £5,860Taken into consideration is the length of time of disability, how much sleep is affected, and how much daily activities are affected.
Post-Traumatic Stress DisorderSevere (a)£59,860 to £100,670All areas of the person's life will be affected which will prevent the person from working at all or from functioning at anything similar to the pre-trauma level
Moderately severe (b)£23,150 to £59,860The person's effects will likely cause significant disability at least for the foreseeable future. However, the prognosis will be better due to professional help and some recovery.
Moderate (c)£8,180 to £23,150Any lasting effects will not be grossly disabling and the person will make a large recovery.
Less severe (d)£3,950 to £8,180Within 1-2 years a virtual full recovery will be made. Only minor effects will persist longer than this.

Material Damage

Material damage is the financial harm suffered following a personal data breach. This includes lost earnings if you had time off work due to the effects of your emotional harm. 

Bank statements, payslips, receipts, and invoices can all be used as evidence to prove what material damage you have suffered due to your personal information being compromised. 

Don’t hesitate to speak with an advisor to learn more about data breach compensation and what the value of your data breach claim could potentially be.

No Win No Fee Data Breach Claims

Our panel of specialist data breach solicitors work on a No Win No Fee basis. Specifically, if you have an eligible data breach compensation claim, you could be offered a Conditional Fee Agreement (CFA). 

If you are represented under a CFA, you will not need to pay anything for your solicitor’s services before or during the claims process. This also stands if you have an unsuccessful claim. 

As such, if you have a successful claim, instead of any fees directly going out of your pocket, a success fee will be deducted from your compensation. Success fees are a small percentage, to which there is a legal cap to the maximum percentage that can be taken. This guarantees that you will receive the majority of your compensation. 

Talk To Our Expert Team

If you are suffering emotional and/or financial harm because your personal data was exposed, please contact us. Our advisors can determine whether you are eligible to claim data breach compensation and can connect you with our panel of No Win No Fee solicitors. To contact us for free:

  • Call 0333 000 0729.
  • Message in our live support chat about data protection breaches. 
  • Submit your information and make an online enquiry

A data breach compensation word cloud, with a magnifying glass over the middle of the cloud that has the words 'data breach' written in red.

Further Information On Making A Claim For A Data Breach By A Data Processor

You can find more useful information about data breach compensation claims by reading our similar guides:

Alternatively, here are some extra resources which you might find useful:

We hope that this guide about how to claim for a data breach by a data processor has been helpful. If you wish to discuss your circumstances with an expert, please don’t hesitate to contact us at any time. All of our contact options are available 24/7.