Does an organisation have to be fined by the ICO before you can make a data breach compensation claim?

data breach compensation

The Information Commissioner’s Office (ICO) is an independent authority. Part of its job is to make sure that organisations across the UK keep our data safe. Every year, the ICO imposes fines on all kinds of businesses, government bodies and other parties that fail to do this. The ICO can also ensure that these organisations take steps to protect our data in future better.

But, while the ICO has the power to impose hefty fines, it does not award compensation to victims. That being said, you do have the right to ask the ICO to assess if an organisation has breached data protection legislation. And, once an organisation has been found guilty by the ICO, you can use that information to support a data protection compensation claim.

However, what many people don’t understand is that they can proceed with a data breach compensation claim even if the ICO has not investigated a breach, or found an organisation guilty of negligence.

This is important because, following the introduction of the GDPR (the latest EU-wide data protection legislation), the ICO is going to be busier than ever.

Data protection under the GDPR

Under the new rules, organisations have a greater responsibility towards protecting our data than ever before. And, experts predict that this could lead to an increase in data breach complaints. So the burden on the ICO is going to make it difficult for its officers to investigate every complaint as quickly as you might hope.

In fact, even before the legislation came into play last month, the ICO tweeted: “Sorry, we are extremely busy in the run up to GDPR & are experiencing unprecedented demand across all our services”. And, over the last few weeks, the ICO has also apologised for the “considerable” wait time on its helpline due to “high demand for our services”.

Making matters worse, according to reports, the ICO has only collected half of the data breach fines it has issued since 2010. Often because it doesn’t have the power it needs to enforce payment. So often these organisations are going unpunished for their failures.

So, what can you do if an organisation has failed to protect your data, but you don’t have the weight of the ICO behind you?

Making a private data breach compensation claim

You can make a compensation claim against a company without going to the ICO. When you make a private complaint, your case goes before a judge in a civil trial to seek recovery of any losses and the payment of compensation. Often these cases are settled out of court. Proceedings can be started quickly, without the uncertainty associated with whether the ICO will investigate the incident.

What’s more, even if you have already contacted the ICO about a potential breach, Hayes Connor Solicitors can still investigate your claim. We will work with the ICO to gather as much evidence as possible to help you succeed. But, where we don’t feel things are moving fast enough, or where we don’t agree with the findings of the ICO, we can still help you to pursue a private claim.

While each case will be judged on its merits, as experienced data breach lawyers, we can advise you on what you can include in your compensation claim and your chances of success. In most cases, the minimum level of damages to be sought at settlement stage would be between £750 and £1,000.


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply