If you can prove that you are the victim of a personal data breach that has led to a financial damages or distress, you should be able to claim compensation. If you have discovered that you have been the victim of a personal data breach, or you have found that your information has been misused in a manner that breaches the Data Protection Act 2018, then get in touch with us today.

Businesses, government bodies and many other organisations collect, process and store an increasing amount of information and personal data . A number of laws have been introduced in Ireland and across the EU to protect people’s personal data.

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data. There will be a personal data breach whenever any personal data is accidentally lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.

Who can make a data protection breach compensation claim?

According to the GDPR, anyone living in the EU can make a claim after a data protection breach has caused them to suffer ‘material or non-material damage’. In order to make a successful claim, it must be proved that the claimant has suffered as a result of the breach. The success of a claim and the amount of compensation that will be awarded will depend on the severity of the damage caused to the claimant.

What can you claim data breach compensation for?

Article 82 of the GDPR states that ‘Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered’.

A compensation claim can be made even if the claimant has not suffered any financial loss. This can arise in circumstances where a financial institution places, in error, a negative credit report with the Irish Credit Bureau. It can arise against a social media site if they publish your personal data after a person had their privacy settings to block third party cookies or the release of personal data. Other examples arise, where a financial institution, medical advisors, government agencies etc send a claimant’s personally sensitive information to the wrong address. A further example, is the recent issue surrounding the Department of Health secretly gathering information from private doctors to create dossiers on children with autism involved in legal actions against the state.

General data protection principles set out in the relevant pieces of legislation include:

  • Your data can only be collected, processed and stored for specifically stated and legitimate purposes
  • The data collected must be limited to only what is necessary for the stated purposes
  • The data should be accurate and kept up to date
  • Your data should be stored for no longer than is necessary for the stated purposes for which it was collected
  • Your data should be handled with appropriate security, including against unauthorised access, accidental loss and damage
  • You have the right to see what data a company or other organisation holds on you
  • You have the right to ask for your data to be deleted where it is no longer required for a legitimate purpose

Our experienced data breach solicitors specialise in:

  • Data breach claims
  • Misuse of private information
  • Breach of the Data Protection Act
  • Breach of confidentiality