GDPR Breach. How much compensation?

DJSINGH

Hi

A well known UK body has breached GDPR by emailing my full name, partners full name, partners email address and our home address to a third party.

(I know because my partner was CC and my email was incorrect)

I have complained and they have offered (only) £150 as "goodwill". Do I have grounds to ask for more and under what terminology? Has anyone else asked for more and got it?

davidmcn

Can you describe the loss you've suffered in more detail to us, in order that we can assess its likely value?

Aylesbury_Duck

Grab the £150 and run.  Unless you can quantify what loss you've suffered (like davidmcn, I'd be interested to see how you measure it), you have no grounds to claim more.

If you can demonstrate it's cost you more than £150, go for it.

DJSINGH

I am now having to be more vigilant for fraud due to the amount of information revealed.

DJSINGH

Aylesbury_Duck said:

Grab the £150 and run.  Unless you can quantify what loss you've suffered (like davidmcn, I'd be interested to see how you measure it), you have no grounds to claim more.

If you can demonstrate it's cost you more than £150, go for it.

okay, understood!

Undervalued

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

If you actually suffer a quantifiable loss as a direct result of the breach, then you would certain be entitled to be compensated. Otherwise anything at all would be a gesture of goodwill and as other have suggested I would take the £150.

If the breach has been reported to the Information Commissioner they maw well impose a penalty on the company.

KatrinaWaves

Who was it emailed to? Another customer/person, or a nefarious criminal?

Many people have access to peoples names and addresses all day long. They dont all use them for criminal acts. 

davidmcn

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

Are you sure about that? Assuming you live with your partner, the fact you both live at the same address is almost certainly already ascertainable from other sources. Not sure what risk your partner's email address adds to anything.

DoaM

If you pursue court action for damages* due to the GDPR breach then you may get between £250 and £750 (plus court costs) ... but there's no guarantee you'd win. You could suggest to them that £250 would be acceptable (as this has been the minimum amount awarded in successful GDPR claims), but if they refuse then it would be your decision whether to pursue it or take the money and run.

* GDPR breaches, like harassment claims, allow for claims for damages - there doesn't need to be a quantifiable loss.

DJSINGH

KatrinaWaves said:

Who was it emailed to? Another customer/person, or a nefarious criminal?

Many people have access to peoples names and addresses all day long. They dont all use them for criminal acts. 

It doesnt matter, the risk is there and GDPR is breached.

DoaM said:

If you pursue court action for damages* due to the GDPR breach then you may get between £250 and £750 (plus court costs) ... but there's no guarantee you'd win. You could suggest to them that £250 would be acceptable (as this has been the minimum amount awarded in successful GDPR claims), but if they refuse then it would be your decision whether to pursue it or take the money and run.

* GDPR breaches, like harassment claims, allow for claims for damages - there doesn't need to be a quantifiable loss.

This is useful, thank you!!

Aylesbury_Duck

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

That's not a loss, it's something you should be doing anyway.