DVLA Data Breach – Can You Get Compensation?
By Ed Robinson. Last Updated 27th June 2022. Any organisation that holds our personal information must take steps to protect it. The same is true of the Drivers and Vehicles Licensing Authority, also known as the DVLA. A data breach committed by an organisation of this size could impact significant numbers of people.
It may be that your personal data has been exposed, and it has harmed you financially or caused distress.
After all, the consequences of a data breach could be that someone gains access to enough personal data to steal from you. Even if they don’t, the stress and anxiety surrounding the exposure could leave you psychologically harmed.
The DVLA, like all data controllers and data processors, should take steps to protect your personal data. If you can prove that it acted wrongfully, thereby exposing your data, you could be eligible to claim compensation for the resulting harm you suffer.
How This Guide Could Help
We have created this guide to explain what you may need to know before claiming compensation.
We also take a look at recent reports of the UK’s data protection watchdog, the Information Commissioner’s Office (ICO) taking action against the DVLA for sharing data with private parking firms.
If you’d like to ask us anything about this or get a free eligibility check, don’t hesitate to call our advisors.
- You can reach us on 0800 073 8804
- Speak with us now via our live chat pop-up box
- Or write to us via our contact page
Select a Section
- DVLA Data Breach Compensation Claims
- How Could The DVLA Breach Data Protection Rules?
- How Many DVLA Data Breaches Have Been Reported?
- What Personal Information May Have Been Exposed?
- Calculating DVLA Compensation Claim Payouts
- No Win No Fee Data Breach Claims Against The DVLA
- Start Your Claim For A DVLA Data Breach
- More Help On DVLA Compensation Claims After A Data Breach
If you have been the victim of a DVLA data breach, and you have evidence of a valid claim, you could be eligible to seek compensation for material and non-material damages if you could prove positive wrongful conduct. We look at these damages later in the guide.
All data controllers and data processors in the UK must abide by the data protection legislation in place. In March 2018, the EU brought into force the General Data Protection Regulation (GDPR). This strict data security and privacy law has effects worldwide.
The UK enshrined its application of GDPR via the Data Protection Act 2018 (DPA). It sits alongside an amended version of the UK GDPR.
Under this legislation, those that suffer financial and/or psychological damage because of a data breach that exposes their personal data could be eligible to claim compensation. To make a compensation claim, they would need to evidence that the data controller or data processor had done something wrong, and this has led to the exposure of their personal data and the harm they suffered.
This guide explains what could constitute a breach, and how a person who suffers due to a data breach could go about getting the compensation they deserve. We also look at the Data Protection Act and an example of a DVLA data breach reported in the media.
Click Here To Learn More About Claiming Data Breach Compensation
A breach of data protection could happen in several ways. The Information Commissioner’s Office (ICO) defines personal data breaches as incidents of unlawful or unauthorised:
- Loss of personal data
- Disclosure of personal data
- Destruction of personal data
- Access to personal data
- Alteration of personal data
Personal data or personal information is any information that can be used to identify you, whether directly or indirectly.
Breaches could be accidental or deliberate. They could relate to cyber criminality or could be a result of human error. Some examples could include:
- Sending identifying documents, including driving licences or passports to the wrong address, even though the correct one is on file
- Selling personal data without authorisation
- Disclosing your data to an unauthorised third party without a lawful reason
- Sending personal data to the wrong email address or fax number even though you have the correct information to do this, and the recipient doesn’t have a lawful reason to access it
Let’s take a look at recent reports of action taken by the ICO against the DVLA.
DVLA Breached Data Protection Law Over Sharing Driver Details
When the Data Protection Act 2018 was introduced, the DVLA wrote to the ICO asking for advice on how to share personal data with the likes of private companies.
The DVLA relied upon a lawful basis for sharing which removes the need to obtain individual consent. This basis was a “legal obligation” but the ICO deemed this to be wrong. Instead, it stated that the sharing of data should be classed as a “public task.”
Despite reports in The Guardian of potential claims for compensation for a DVLA data breach, the ICO does not believe that the licensing authority has done anything wrong and that the risk to data subjects is very low.
The issue of claims all centres on whether someone has suffered damage, either financially or psychologically.
If you can prove that you have suffered financial losses or distress or anxiety caused by a DVLA data breach, get in touch to discuss your case with us in more detail.
In response to a Freedom of Information request, 14 departments within the government disclosed that they’d reported breaches of personal data to the ICO from April 2019 to July 2020. 17 departments in total received the Freedom of Information requests.
The DVLA reported having made 181 breaches of personal data notifications to the ICO during this period. During this period, in contrast, the Home Office reported just 25 breaches, and the NHS only 4.
The DVLA requires personal data to issue driving licences and also to process applications for changes of registered vehicle owners. With that in mind, they could hold and process a vast amount of personal data. After all, when applying for a driving licence, you could have sent the DVLA important documents including driving licence application evidence such as old driving licences, passports and even your birth certificate or marriage certificate.
Such documents could contain all a thief needs to steal money from you or commit identity fraud. Whether this happens or not, you could still suffer psychological injury, somewhat akin to mild Post-Traumatic Stress Disorder (PTSD) due to the worry.
This guide aims to help you understand what to do following a DVLA data breach. If you need any legal advice, however, get in touch.
If you make a successful data breach claim, the settlement you receive would depend on factors such as the nature and severity of the damage the breach causes. Generally speaking, you could have the right to claim:
- Material damage – compensation for financial losses caused by the breach. These could recompense you for stolen money or the unrecoverable costs that are associated with restoring a credit file for example.
- Non-material damage – compensation for mental harm the breach causes. This could include a worsening of a pre-existing condition such as anxiety.
To give you a rough idea of the compensation that could be paid out for such damages, we can look at the Judicial College Guidelines (published in April 2022). The compensation table below contains figures from this publication that solicitors use to value injuries.
|Injuries (Type Of)||Compensation Bracket||Level of severity|
|General psychological injury||£51,460 to £108,620||Severe|
|PTSD (Post-traumatic stress disorder)||£56,180 to £94,470||Severe|
|PTSD (Post-traumatic stress disorder)||£21,730 to £56,180||Moderately severe|
|General psychological injury||£17,900 to £51,460||Moderately severe|
|General psychological injury||£5,500 to £17,900||Moderate|
|PTSD (Post-traumatic stress disorder)||£7,680 to £21,730||Moderate|
|General psychological injury||Up to £5,500||Less severe|
|PTSD (Post-traumatic stress disorder)||Up to £7,680||Less severe|
To prove non-material damages, you’d attend a medical assessment as part of the claims process. An independent medical professional would check your psychological injuries and create a report that aims to:
- Establish if the data breach caused, worsened or wasn’t connected to the data breach.
- Assess the severity of the injuries.
What’s more, if you used the services of a solicitor to claim, they could use the report as evidence. They could also use it when valuing your injuries.
Click Here To Check Out Our Data Breach Compensation Calculator
Are you concerned about the upfront costs of funding a solicitor? If so, No Win No Fee claims could benefit you.
If you make a No Win No Fee claim, you don’t pay your solicitor their fee until such time as your compensation comes through.
At the start of your claim, before your data breach lawyer starts work, you’ll need to sign a Conditional Fee Agreement. This document, also known as a No Win No Fee agreement explains what level of success fee you’d pay your lawyer in the event of a successful claim.
If your claim isn’t successful, you don’t pay your lawyer the success fee at all.
Can I Claim Compensation From The DVLA On A No Win No Fee Basis?
For you to make a compensation claim on a No Win No Fee basis, your lawyer would have to make sure it had a favourable chance of achieving compensation. They’d need to assess:
- Whether a breach took place
- What caused the breach – was it due to wrongdoing on the part of the data controller?
- Did you suffer harm (emotional, financial or both)?
- Is your claim within the correct time limits (usually 1 year for claims against public bodies or 6 years for other data breaches)?
Here at Legal Expert, we would be happy to ascertain whether you could have a good chance of claiming on a No Win No Fee basis.
Click Here To Learn More About Working With No Win No Fee Solicitors
Do you have evidence of a valid data breach claim? Either way, we’d be happy to help you. Our solicitors’ service has great reviews and we’d be glad to help you get the compensation you deserve. To reach our advisors, simply:
- Call our helpline: 0800 073 8804
- Email us: firstname.lastname@example.org
- Complete our form and start your claim online
- Use Live Chat to talk instantly online
Below you can find some other guides on data breach compensation claims that you may find useful:
Can Someone Share My Data?– The ICO explains more about data sharing here.
What Is A Personal Data Breach?– Find out more about data breaches here.
Raise Your Concerns To The ICO – Find guidance on data breach reporting here.
Data Breaches By Fax – Find out if you could claim for a fax data breach here.
Blackbaud Data Breach – This data breach is described here.
BCC Data Breach Claims– Find out how a failure to BCC people into an email could constitute a data breach.
Thank you for reading this guide on how to make a claim if you’ve been impacted by a DVLA data breach. We hope you have found it useful.
Written by Jeffries
Edited by Victorine