Butlin’s Data Breach Compensation Claims Guide – How Much Compensation Can I Claim?
What Should You Do If Your Data Was Accessed Or Breached?
In this guide, we explore what you could do after a potential Butlin’s data breach. It is normal for businesses such as Butlin’s to collect, process and store personal data from individuals for operational purposes. Personal data that holiday companies might store includes that relating to customers and employees.
Under data protection law, businesses should take measures to protect the personal data that they collect. If a data breach is caused by the positive wrongful conduct of a business, it could be liable for the financial loss or mental harm it causes affected individuals.
If you have been affected by a data breach under such circumstances, you may be eligible to claim compensation. Our advisors can connect you with our solicitors to handle your data breach claim.
If you have evidence of a valid claim, call us for your free telephone assessment on 0800 073 8804. Alternatively, use our website claims form to write to us. We also have a live chat where you can get instant online answers.
If you have legitimate grounds to claim compensation, we can connect you with a No Win No Fee solicitor to handle your case. Our advisors are available 24/7 and give free legal advice. In addition, you’d be under no obligation to proceed with our solicitors’ services. So why not reach out?
Select A Section
- A Guide To Data Protection Breach Claims Against Butlin’s
- What Is A Claim For A Data Breach By Butlin’s?
- What Are The Consequences Of Breaches Of The GDPR?
- Butlin’s Data Hack Incident
- Ways The Information Commissioner’s Office Could Help
- Types Of Damages Which You Could Be Awarded
- Compensation Calculator For Data Protection Breach Claims Against Butlin’s
- What Is Involved In Making A Data Breach Claim?
- Why Choose Legal Expert For A Data Protection Breach Case?
- No Win No Fee Data Protection Breach Claims Against Butlin’s
- Contact Us
- Additional Claims Resources
Butlin’s is a chain of seaside resorts operating in the United Kingdom. At the present time, there are three Butlin’s holiday camps: Butlin’s Minehead, Butlin’s Skegness and Butlin’s Bognor Regis.
As a business, Butlin’s may collect, process and store personal data belonging to guests who use their holiday parks. Personal data is information that can help identify you. It can include your name, for example, or address.
It is necessary for Butlin’s to collect guest data in order to operate their business. However, many businesses have to collect, process and keep data about their employees too. This can include personal contact details and payroll information. These activities are also essential for operating purposes.
Businesses that decide how and why they’ll process personal data are otherwise known as data controllers. The people whose data they process are data subjects. Therefore, employees and holidaymakers can be data subjects.
Data Protection Law
The General Data Protection Regulation (GDPR) is an EU law. This is enacted into UK law by the Data Protection Act 2018. The Data Protection Act sits alongside the UK GDPR. They’re both a part of overarching data protection law.
In order to comply with these laws, data controllers could do the following:
- Have internal processes in place to protect the personal data that they collect and hold.
- Only collect personal data from members of the public if the individual has given them permission to do so. They should explain what purpose the data will be used for at the time that it is collected.
- The data that is collected should not be used for any other purposes than the one initially stated. However, there may be lawful exemptions to this.
Complying with the UK GDPR allows data controllers to protect themselves from personal data breaches, hacks and phishing attacks. If a data breach occurs which is caused by a failure on the part of the data controller, it could be held liable. As a result, those who have been mentally or financially affected because their personal data was involved may be eligible to claim compensation.
The Information Commissioner’s Office (ICO) is responsible for enforcing data protection law. It also has the power to fine businesses that commit data protection breaches.
Time Limits For Data Breach Claims
If you wish to make a data breach claim, there is a time limit for doing so. Personal data breach claim time limits are generally as follows:
- 6 years; or
- For cases involving a violation of the claimant’s human rights, 1 year.
A data breach is when there is a breach in a business or organisation’s data protection security. This then leads to personal data being lost, destroyed, altered, accessed by unauthorised persons or disclosed. This would happen unlawfully and can be a consequence of deliberate actions or accidents.
Why do data breaches happen?
Some data breaches take place because of illegal activity. For example, there could be a hack where a hacker breaches the company’s data security system. They may do so to steal payment details such as credit card numbers to commit fraud, hold the data to ransom or use names and email addresses to try to commit email scams such as phishing attacks.
Data controllers should have adequate online security systems in order to protect against criminal attacks.
A data breach can also occur due to human error. For example, if the company sends a customer a letter but accidentally uses the home address of another person, the guest’s personal data contained in the letter could be shared with a third party without a lawful basis. Although the intention may not have been malicious and the data breach may have been an honest mistake, the incident could still cause stress.
Not all personal data breaches will result in compensation. However, if a company’s positive wrongful conduct causes a personal data breach, and this causes data subjects to suffer financial loss or mental harm, they could be liable. The data subjects could claim.
Call Legal Expert today to enquire about making a data breach compensation claim. If we can see that you have legitimate grounds to claim, a skilled solicitor could start working on your case right away.
We have already touched upon the fact that businesses are supposed to comply with the UK GDPR. The purpose of the UK GDPR is to protect the privacy of individuals when their personal data is processed and give them more personal control over how their data may be used going forwards.
The General Data Protection Regulation highlights the following roles that have a part of play in the data collection process:
- The data subject is an individual whose personal data is collected by the business. They could be an employee, guest or anyone else who has a relationship with the business. These people may also be called stakeholders.
- The data controller or data controllers are the company or organisation (for example) that collects, processes or stores personal data.
- Alternatively, a business might hire a data processor. A data processor is another organisation, for example, that is appointed by the data controller to handle the personal data through their direction.
Data Protection Law Breaches: Consequences
The data processor and/or data controller should follow these rules when collecting, storing and processing personal data:
- Data collection should be done by consent. A data processor and/or data controller should ask permission from the data subject to collect their personal data.
- The data that has been collected should be kept up to date.
- The data controller and/or data processor should explain what purpose the data will be used for to the data subject when their data is collected. It should not be used for any other purpose unless there’s a lawful basis. For example, Butlin’s should not send their customers marketing emails unless they have opted to receive them. However, they may be able to share their personal information with emergency services (without the person’s consent) if the data subject’s life is in danger.
- The data processor and data controller should comply with all relevant data protection laws and regulations.
There are other points that they should comply with too. And breaches of data protection law can lead to:
- The data controller/processor being investigated or fined.
- Data subjects suffering financial loss or mental harm.
- Potential data breach claims.
Unfortunately in 2018, a Butlin’s data hack occurred, which resulted in hackers possibly stealing guest records from the business. It is believed that up to 34,000 stolen guest records might have been affected.
Butlin’s apologised to the guests and explained that financial information such as bank account and sort code numbers were secure. However, personal data which was potentially accessed included names, home addresses and phone numbers.
How did the potential Butlin’s data breach occur?
The data breach was thought to have happened because of a phishing attack. Phishing is where a scammer poses as a reputable party (often by email or phone), to gain information from the recipient.
For example, a phishing email may be sent to an employee by a scammer posing as a legitimate business asking for login information. If the employee parts with the information, the scammer may be able to access the company database.
It is very important that companies have data security to protect the personal data that it holds. This can include online security and training staff to recognise potential scams.
How Holiday Companies Could Breach Guest’s Data Security
Personal data breaches can happen for a number of reasons, including simple human error. For example, an employee may lose a device such as a work laptop and not have password protection on the item. If the laptop has files containing personal data, there is a risk of data exposure if the laptop is found and accessed by someone else.
There are also incidents where a data breach occurs due to an insider threat. This is when a person inside an organisation, such as a disgruntled employee’s intentional actions causes a data breach.
Personal data breaches can also occur if hackers or scammers use malicious software (malware) or a phishing attack, for example, to breach the company’s data security system. This means that the hackers can ransom the data, destroy the data, or use the data to commit identity theft or fraud.
If you were mentally or financially affected by a data protection breach incident, you may be eligible to claim compensation. However, you’d have to ensure that the data breach was caused by the company’s positive wrongful conduct. Contact Legal Expert today about making a data breach claim.
The Information Commissioner’s Office (ICO) is responsible for upholding personal information rights and has the authority to fine businesses and organisations that violate the UK GDPR and the Data Protection Act 2018.
Although the ICO cannot help you to claim compensation, they can investigate and impose a fine if a data breach occurs. These measures aim to help keep the company accountable and incentivise them to avoid data breaches taking place in the future.
Before you contact the ICO, we recommend that you first write a formal complaint letter to the company about the data breach. The ICO has guidance on raising concerns to companies.
If you have not received a satisfactory response from the company, you could escalate your concerns to the ICO. Please do so within three months of your last meaningful communication with the company. This is because the ICO may not investigate complaints that are filed later.
For many, being the victim of a data breach can be just as distressing as being mugged or having your house broken into by burglars. Having your personal information exposed to potentially malicious actors can leave you vulnerable to fraud or identity theft, for example.
If your data protection breach claim is successful, you could claim the below.
- Material damages: This is compensation for any financial losses you have suffered because of a data breach. This can include money stolen from your bank account, for example.
- Non-material damages: This is compensation for the psychological damage caused by the data breach. For example, you may have experienced stress, depression or anxiety.
The case Vidal-Hall and others v Google Inc  paved the way for those who want to claim compensation for psychological harm caused by a data breach. Before this case, you weren’t able to claim for mental harm unless you suffered financial loss too.
You can use the compensation table below to estimate how much compensation you may be able to claim in non-material damages. The amounts in this table are based on guidelines by the Judicial College. These guidelines show how much compensation can be awarded for varying injuries.
|Type Of Psychological Injury||Notes On This||Settlement Award Guidelines|
|Severe Post-Traumatic Stress Disorder||In cases of severe PTSD, all parts of the person's life will have been affected. They may suffer some degree of permanent symptoms.||£56,180 to £94,470|
|Moderately Severe Post-Traumatic Stress Disorder||Persons in this category will have a much better prognosis if they have access to professional medical help. Whilst this is the case, the symptoms may still disable the person for some time.||£21,730 to £56,180|
|Moderate Post-Traumatic Stress Disorder||Whilst a good recovery is expected to take place, there could be some remaining symptoms.||£7,680 to £21,730|
|Less Severe Post-Traumatic Stress Disorder||Practically full recovery within one to two years.||Up to £7,680|
|Severe - Psychiatric Injury||Persons will have marked degrees of problems with coping with work, with education and with other aspects of life.||£51,460 to £108,620|
|Moderate - Psychiatric Injury||Persons may be affected in different ways, but they will have a good prognosis for the future.||£17,900 to £51,460|
|Less Severe - Psychiatric Injury||Compensation settlements will take account of how long and how much the person has been affected by the injury.||Up to £5,500|
The compensation table above does not include any material damages that you may be able to claim. Every claim is different so we advise you to speak to one of our advisors who will be able to provide you with an estimate of how much compensation your claim could be worth.
Legal Expert could help you if you’re able to make a data protection breach claim. Call us today and we can connect you with a skilled lawyer to handle your claim. Our lawyers could collect evidence to support your compensation claim and negotiate with the other side to win your case. These sorts of claims are normally settled out of court.
If you have been harmed psychologically and/or financially because of a data protection breach, Legal Expert could help you.
What are the advantages of choosing our solicitors to handle your claim?
- They have experience.
- They can work on your claim from anywhere in the country, meaning you’re not restricted to the services of local solicitors.
- Our solicitors can value your claim accurately and negotiate hard on your behalf to win you the compensation you could be entitled to claim.
- Our solicitors all work on a No Win No Fee basis.
Don’t just take our word for it. Read reviews written by satisfied customers.
If you trust Legal Expert to handle your data breach claim, you can make a No Win No Fee claim.
In cases that aren’t covered by a No Win No Fee solicitor’s services, the solicitor may charge the client an upfront solicitor’s fee, which is not refundable if the compensation claim is not successful. This is not affordable for everyone and also involves a degree of financial risk as the solicitor’s fee cannot be recovered if the client does not receive their compensation.
With a No Win No Fee claim, you would not have to pay a solicitor’s fee upfront. Instead, you would be charged a success fee only on the grounds that your solicitor wins your compensation claim.
If your solicitor won your claim, their success fee would be deducted from your compensation payout. This success fee is a small percentage of the compensation and is lawfully capped.
Read our online guide to making No Win No Fee claims for more information or contact us for your free consultation.
If you have legitimate grounds to claim compensation for the harmful effects of a data breach caused by a company’s failings, contact Legal Expert today. Contact us using any of the methods below:
- Call Legal Expert on 0800 073 8804.
- Use our online claim form to reach us.
- Chat to an advisor using the Live Support widget on our page.
If you wish to learn more about making a No Win No Fee claim for a data breach, please consider reading the following guides.
We also recommend these external sources:
Personal Data Breaches: an ICO explanation
Make a complaint to the ICO about a data breach
Thank you for reading our guide exploring what you could do after a potential Butlin’s data breach.
Written by Chelache
Edited by Victorine