GDPR Breach. How much compensation?

DJSINGH

Aylesbury_Duck said:

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

That's not a loss, it's something you should be doing anyway.

But the company have breached GDPR. Shouldnt they suffer some kind of penalty for exposing my details?

KatrinaWaves

DJSINGH said:

Aylesbury_Duck said:

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

That's not a loss, it's something you should be doing anyway.

But the company have breached GDPR. Shouldnt they suffer some kind of penalty for exposing my details?

Honestly, no. get a grip. People make mistakes. You don't have to hound them and get loads of compo and get upset that youre now gonna get so much fraud on you because of their actions. An apology is fine. An apology and £150 is more than fine.

Aylesbury_Duck

DJSINGH said:

Aylesbury_Duck said:

DJSINGH said:

I am now having to be more vigilant for fraud due to the amount of information revealed.

That's not a loss, it's something you should be doing anyway.

But the company have breached GDPR. Shouldnt they suffer some kind of penalty for exposing my details?

Absolutely correct.  They should be penalised.  That doesn't mean the proceeds of that penalty should be yours.  You've had a decent offer of compensation but that's separate to any regulatory penalty that might be imposed on them.  They could get fined a million quid, it doesn't follow that you are entitled to any of it.

DJSINGH

Ok, thanks guys!

steampowered

£150 sounds incredibly generous. I'm surprised you got offered anything.

waamo

DoaM said:

If you pursue court action for damages* due to the GDPR breach then you may get between £250 and £750 (plus court costs) ... but there's no guarantee you'd win. You could suggest to them that £250 would be acceptable (as this has been the minimum amount awarded in successful GDPR claims), but if they refuse then it would be your decision whether to pursue it or take the money and run.

* GDPR breaches, like harassment claims, allow for claims for damages - there doesn't need to be a quantifiable loss.

This is bang on. I see no relevance in what losses you may or may not have had. In saying that £150 isn't a Micky take as an offer. A court would likely give about £250 but you would have the stress that entails plus a lot of work to put a claim together. It was also take 18-24 months to get there.

Personally I would accept it but you may be able to get an extra £50 or so if your negotiating skills are good. 

DJSINGH

Thanks for your input Waamo. I've attempted a negotiation in and will update in due course.

wesleyad

I'm not sure name and address even crosses the threshold? Surely it's public information. Anything that is on the outside of a letter cannot be considered private information. Nor anything I can get from the land registry etc. For it to be a serious breach there need to either be financial info, personal info that cannot be ascertained elsewhere (such as race, religion, sexual preference) or a reason why common info (such as name and address) shouldn't be divulged (eg abusive ex spouse etc)

shaun_from_Africa

wesleyad said:

I'm not sure name and address even crosses the threshold? Surely it's public information.

Yes, it's information that can easily be obtained from many sources but according to the ICO, a name alone doesn't generally class as personal data but once combined with other information that helps identify someone (such as an address), the information may then be classed as personal information and subject to the requirements of the GDPR.
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-are-identifiers-and-related-factors/

By itself, the name ‘John Smith’ may not always be personal data because there are many individuals with that name. However, if the name is combined with other information (such as an address, a place of work, or a telephone number) this is often sufficient to clearly identify one individual.

born_again

Question is who is the 3rd party and why where they passing the info on? 

Is the £150 due to your incorrect email or because they CC your partner?