Compensation Claim for Bank Exposing Balance to Colleague

82.1 GDPR

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

For the damage covered. So, what is the damage?

On the one hand it somehow feels inadequate and I'd have expected something a little more substantial

For an extremely minor breach, it is seems more than adequate.

If I rejected this offer and went to the Ombudsman, would I be likely to be awarded something more substantial? Or is £250 fairly typical in these issues?

£100-£250 is the dominant range of FOS awards.

Ergates wrote: »

When actual distress has been caused, which would have to be proven in court. It's not an automatic entitlement just because a breach has occurred.

I never said it was automatic. The fact it's distressed OP has been acknowledged by the bank.

IanManc wrote: »

And the case law talks about "distress", not being a bit embarrassed or quite annoyed.

After all, in this case a former colleague got to find out about four transactions on an account. I wouldn't be pleased about that, but it would take a lot more than that to cause me "distress".

I think a sense of proportion is needed.

If I were offered £250 in such a situation I'd snatch their hand off before they changed their minds.

You're making a distinction that is purely semantic. Being embarrassed or annoyed would be encompassed within distress. If you check the Google case, it's actually rather trivial stuff. Someone seeing some ads because of cookies. It seems thinner skins can to taken into account.

The new statute doesn't make reference to distress or anxiety, it just includes "non-material" damage.

I very much doubt a judge would view the £250 as unreasonable. I was merely establishing that where data protection breaches occur, damages are not limited to financial loss.