When the GDPR (General Data Protection Regulation) took effect, so much attention was paid to organisations’ compliance burdens that most people overlooked one of its main intentions, which was to give individuals more control over the way their information is used.
Regulators understood that when data breaches occur, the biggest victims are often the people to whom that data belongs. Sure, organisations suffer plenty too, but victims can have their bank accounts drained, their email addresses can circulate on the dark web and populate spam lists, their passwords can be leaked and sensitive personal information can be revealed for anyone to see.
Thankfully, the GDPR has given individuals the possibility to claim compensation when that happens. They can also receive compensation for “non-material” breaches, which usually occur when an organisation improperly processes information or fails to respond to a data subject access request.
There are two ways to seek compensation.
1. Contact your supervisory authority
Each EU member state has its own supervisory authority that oversees GDPR compliance. If you’re unhappy with the way an organisation handles personal data, you should file a complaint by email or over the phone.
Supervisory authorities don’t have the authority to award compensation to individuals, but you can use the results of the investigation to support a legal claim.
2. Make a claim directly
The problem with contacting your supervisory authority is that it could take a while to get an answer. It will usually have hundreds of complaints to investigate each year, and each one takes time. You might therefore prefer to skip that step and go straight to making a legal claim.
Without the results of the supervisory authority’s investigation, your case will be weaker and you’re less likely to receive the highest possible compensation, but proceedings can be started quickly and are often settled out of court.
Is your organisation ready for a breach?
Compensation payments might end up being the most expensive part of a data breach for organisations. With legal fees, potential penalties and however much is needed for recovery efforts, the costs of a data breach can stack up.
It’s therefore essential that you do everything you can to prevent incidents and respond promptly when they occur. You can find out how prepared you are by taking our breach readiness questionnaire.
We ask you a series of simple questions about your organisation’s setup and provide tailored advice on what you can do to better prepare yourself.