Though the GDPR has been in effect for some time now, there are still a few factors about it that are either misinterpreted or misunderstood by not only the general public but also the people required to adhere to its guidelines. Here is a clarification of a few such myths and misunderstandings.
Can anyone claim compensation for data protection breach?
Yes. According to Article 82 of the GDPR, a person who suffers non-material or material loss or damages due to an infringement of the GDPR regulation has a right to be compensated by the processor or controller of the information for all damages they suffer. The same Article 82 goes on to explain that the GDPR breach compensation claims should be presented before courts of law within the member states. Meaning that, all GDPR breach compensation claims should be presented directly to the court and not the ICO (Information Commissioner’s Office). The ICO is an independent authority that governs the use of personal data by organizations. As such, it is mandated to fine organizations that act in breach of the GDPR.
How much compensation can be claimed?
Currently, there are not guidelines on how much GDPR breach compensation can be awarded for a claim. This can be attributed to the fact that GDPR has not been in effect for long and therefore, there lacks a case law in its favor. However, under the previous Data Protection Act of 1998, the breach compensation rates were between £750 and £1,000. Note that, the GDPR breach compensation claims and the ICO fines imposed on organizations are very different. The ICO investigates and determines whether an organization failed to comply with GDPR guidelines and if found guilty, the organization is slapped with a monetary penalty can be hefty based on the value of an organization. Therefore, monetary penalties issued by the ICO should not be confused for GDPR breach compensation.
Does ICO assist with GDPR breach compensation claims?
Though the ICO is not mandated to issue GDPR breach compensation, it can be of help by assessing the organization is question to determine whether it breached the GDPR guidelines or not. The results offered by the ICO can be used as evidence that the GDPR breach occurred in a court of law. Moreover, if you feel as though your personal data was misused by an organization, you can always contact ICO and request them to investigate the organization for a possible GDPR breach. Note that, if the GDPR breach occurred, the ICO will advise you on the next cause of action.
Do you cater for the GDPR breach claims costs?
As aforementioned, claims for the GDPR breach compensation must be presented before a court of law. But, it is possible that your GDPR breach claim will be less than £10,000. As such, you will be responsible for your own legal fees and costs incurred. Even when the GDPR breach compensation claim succeeds, you cannot claim the incurred cost from the organization in breach. This is because, the claims under £10,000 value are presented before the small claims court where every party is responsible for their legal fees and costs. This is crucial factors that everyone should consider before deciding to file a GDPR breach compensation claim.