Are you prey for ambulance chasers?

We’ve had PPI. We’ve had car accidents and the diesel car scandal. Now, the so-called ‘ambulance chasers’ have landed on data breaches. So, how accountable are you when it comes to data protection? Or could a data breach leave you and your business with a settlement sum due to hundreds of claimants?

GDPR and the compensation culture

Although the “no-win-no-fee” mantra might sound appealing if you are a claimant, if you’re defending your case, it could mean heavy losses or perhaps bankruptcy.

If you or your company experience a data breach, there is a whole sector of law ready to take advantage of you. In fact, there are specialist firms set up solely to represent individuals affected by data breaches and other violations of Data Protection law. One company even advertises on late afternoon television! If any such breach or incident causes claimants personal damage, individuals can easily seek compensation.

The infamous case of British Airways

In June 2018, BA experienced a data breach. Hackers took various combinations of names, addresses, bank card and CVV numbers, usernames, passwords and PINs of nearly 430,000 customers and staff.1

Notwithstanding the £20million fine imposed by the ICO, upwards of 16,000 people then claimed compensation for personal damages caused by the incident.2 Although BA did not reveal the final sum they paid out, lawyers estimated the average claim value at between £2,000 and £6,000 per claimant.3 Total losses could have been between £32 and £96m. And if everyone had claimed, the costs would have run into the billions.

British Airways may well have set a precedent. It now has the dubious title of being subject to the biggest ever group litigation or ‘class action’ case over personal data in the UK.2 A class action is a case in which one individual represents a whole set of people in court.

Avoiding data breaches

So, how can you do your best to avoid data breaches? Ensuring your data protection measures are adequate for the type of data you are storing is a sensible start. Think about employing multi-factor authentication if you have sensitive data, and if you don’t already know, make sure you investigate what information each of your employees has access to. Does everyone need the same level of access?

Staff training and awareness are vital too. Individuals responsible for the day-to-day running of a business who are likely to come into contact with any type of personal data need to know how to work appropriately. They should also know what to do if things go awry.

We’re here to help!

We like to help. That’s why we’re offering a free virtual Data Protection Health Check to any business looking to safeguard their clients’ data further. Over a face-to-face meeting, we can provide free advice on your current protection measures, as well as assistance to improve these measures if necessary. And if you’ve got any questions on staff awareness and training, we’d be happy to answer them.

If you don’t have time to meet, take our quick Data Protection Health Check. The results tell you whether your current approach is working, and if not, how to improve it. For further details, contact Dr Sam Linton on 01482 762 392, email, or visit Providing your personal data piece of mind.


  1. Last visited 25.08.21
  2. Last visited 25.08.21
  3. Last visited 25.08.21