Dentist Data Breach Compensation Claims Guide

As with other organisations, a dental surgery has a legal duty of care to keep any personal data it holds about you safe and to prevent it from getting into the wrong hands. In this article, we’re going to look at what scenarios could lead to a dentist data breach compensation claim and when a settlement might be paid.

We’ll try to answer some common questions like, “Can you claim compensation for a data breach?” and “Can I sue the NHS for breach of confidentiality?” The laws surrounding data security changed in 2018 with the introduction of the General Data Protection Regulation (GDPR) which was enacted into UK law by the Data Protection Act 2018. Therefore, we’ll look at how this affects the way dentists handle your personal information.

Dentist data breach claims guide

Dentist data breach claims guide

In most cases, dental surgeries have invested in systems, processes and staff training to ensure that your data is kept securely and only accessed by the organisations you’ve authorised. However, if a mistake happens which leads to a privacy violation, then this guide will explain what options you have regarding compensation claims.

Should you decide that you’d like to start a dental patient data breach claim, Legal Expert is here to help. Our advisors offer a no-obligation assessment of any claim as well as free advice on how to proceed. If the claim appears to be valid, they’ll refer you to one of our specialist lawyers. If they agree to accept your claim, they’ll work for you on a No Win No Fee basis.

To start your claim right away, please contact Legal Expert on 0800 073 8804 today. Alternatively, please read the rest of this guide to find out more about claiming compensation for the harm caused by data breaches.

Select A Section

A Guide to Dentist And Dental Patient Data Breach Claims

There won’t be many people who haven’t heard of GDPR by now as it’s something most people come across on a near-daily basis. That said, you might not realise that when you click on the ‘agree’ button that pops up annoyingly on websites, you’re allowing the site to collect information about you and how you use the website. The pop-up box is the method the website uses to comply with some of the GDPR rules.

When you register with a dentist or sign up for a new service, you might have to fill in forms containing personal information. You might also be asked if you agree that the dental surgery can share your information with other NHS services and some private organisations too. These forms are the method dental surgeries use to help ensure they comply with GDPR regulations.

Over the course of this article, we’re going to look at how a dentist data breach could happen, what the surgery should do, and when you may seek compensation for the damage caused.

If you’re considering claiming for a medical data breach, you’ll usually have 6-years to start your case. If the claim is regarding a breach of your human rights, then you’ll only have 1-year to start the case.

While 6-years is a long time, we’d advise you to discuss your claim with a solicitor as soon as you can. That’s because it’s so much easier to remember how things happened in the weeks and months after the incident rather than years down the road.

Once you’ve completed this article, please get in touch if you have any questions you’d like answered or if you’re happy to start your claim right away.

What Is A Dentist Data Breach?

You might think of data breaches as being when a hacker bypasses network security to access information about you that’s contained on the dentist’s computer system. That is just one example of how they can happen. The definition of a data breach, with regards GDPR, is when information containing personal data is lost, destroyed, disclosed, accessed, or viewed by people or organisations who you’ve not granted permission to.

Whether the data breach was deliberate or accidental, you could be entitled to seek compensation for the harm it caused. As well as cyber-security breaches, simple human errors can cause medical data breaches. For instance, if the dentist leaves a patient in a room and your medical notes are on the screen, the other patient could read (access) sensitive information about you without your permission. Another mistake that could happen is where the surgery emails another patient with details about your medical history inadvertently.

If you believe you’ve been the victim of a dentist data breach and would like to find out if you could be entitled to compensation, then please feel free to contact our team of specialists today.

The GDPR And Data Protection In Dental Practices

GDPR rules were put in place to give individuals better control over who holds personal information about them, who can access it, what it can be used for and who it can be shared with.

For the purposes of this guide, personal information is any data which can be used to identify an individual either directly or indirectly. That data could include names, gender, location details, ethnicity, email addresses or biometric information.

There are certain roles assigned to people who handle data under GDPR. Anybody who is classed as a data processor needs to abide by several data principles including:

  • Any data subject i.e. the patient, needs to be told about the reason behind why their data is being processed.
  • Any personal information that’s recorded must be kept up to date.
  • Processing the data must be fair, transparent and within the law.
  • Any data held must only be retained for the length of time that was agreed at the point of collection.
  • The minimum amount of data required to meet the agreed objectives should be obtained.
  • Any information should be processed securely and confidentially. Some data might need to be encrypted for instance.
  • The data controller (the person who holds the data) must be able to show that they’re compliant with the principles listed.

If you believe that your dental surgery has failed to uphold GDPR laws and your data has been exposed or there’s been a privacy breach, please contact our team for free advice on whether you’ll be allowed to begin a data breach claim.

How Could A Dental Surgery Breach Data Protection Laws?

It’s often the case that we’ll hear about large scale privacy violations caused when data is hacked by activists. In dental surgeries though, the type of data breach that’s more likely to happen is as a result of human error.

To prevent a dentist data breach from happening, the management of the practice should invest in training, processes and technical solutions to make sure that they are as GDPR compliant as possible. If they fail to do so, and your personal information is leaked in some way, you could be entitled to ask for compensation for the harm caused by a data breach.

Here are some data breach examples which could lead to a claim:

  • Where your personal information is given to organisations which you’ve not authorised.
  • If your personal medical information is posted or emailed to another patient by mistake.
  • Where staff, medical or otherwise, access your data when there’s no reason to do so.
  • If the surgery’s computer systems become victims of viruses, ransomware or malware.
  • Where another patient sees your medical records because they’ve been left out in full view.
  • If the staff fail to lock their computer screens and somebody who’s not been authorised reads information about you.

There may be cases where the dental practice doesn’t find out that your data has been breached but, if they do find out that it’s happened, they need to take steps to inform you of when it happened and what information was leaked.

If you’ve been made aware that a dentist data breach of your personal data has occurred, and you are considering claiming compensation, please let Legal Expert know what’s happened. Our staff will review your claim for free and let you know the next steps you should take.

Dentists And Dental Practices Fined By The ICO

While there haven’t been many reported incidents of dentist data breaches which have required investigation by the Information Commissioner’s Office (ICO), legal action is being taken by a group of dentists against the British Dental Association (BDA).

The data breach occurred on July 30, 2020, and the BDA emailed its members in August the same year with a warning that their data may have been breached in a data hack. The ICO is investigating what happened but has not yet reached a conclusion.

The BDA said at the time that they were unsure what data was exposed in the breach and was said to still be investigating the incident. The BDA doesn’t have access to patient’s medical records so there’s no risk of patient data having been breached. However, they do hold bank account information which the dentists use to collect direct debit payments from their customers.


The reason we’ve listed this case in our guide is that the affected dentists have decided to start their claim against the BDA before the ICO have completed their investigations. We’ll explain how this can happen in the following section and how our solicitors could help you begin a claim even if you’ve not reported the data breach that’s affected you to the ICO.

What Powers Does The Information Commissioner’s Office Have?

As you might imagine, the data breach claims process is not always straightforward. The idea of claiming is to compensate you for any harm that the breach has caused you, whether that’s financial harm or if you’ve suffered psychologically. To make your claim, you’ll need to provide evidence of how your data was exposed and who was responsible.

While it’s possible to raise an official complaint with the dental surgery in question, you might not always receive satisfactory results. There are times where you might have to ask the Information Commissioner’s Office to investigate on your behalf.

There are two things to bear in mind regarding the ICO. Firstly, they won’t usually deal with complaints that are brought to them a long time after the breach happened. You’ll usually need to raise your concerns with them around 3-months after the last meaningful contact with the dental practice.

Secondly, the ICO won’t award any compensation to you for the harm caused by the data breach. The only way you’ll be compensated is by claiming against the dental practice yourself.

As shown in the previous section, you don’t need to have complained or even contacted the ICO to begin a personal data breach claim. However, if it’s not clear how the breach occurred, it’s possible your solicitor will direct you towards the ICO, especially if the dental practice won’t co-operate with your enquiries.

If you’d like Legal Expert to help you claim and 3-months have passed since your last meaningful contact with them, speak to our team of advisors today and let them review your case for free.  If your case is passed to one of our specialist solicitors, they’ll help you decide whether you need to raise a formal complaint with the ICO or not.

How Could I Be Compensated For A Dental Practice Data Breach?

So, when you ask data leak lawyers to make a claim for you, what is it that you can actually claim for? As mentioned earlier, there are two general heads to a data breach claim:

  • Material damage which covers any financial losses you’ve suffered as a direct result of the breach i.e. if the data was used in an identity theft crime.
  • Non-material damage which covers any psychological injuries caused by the data breach.

The list of things your solicitor will claim for will depend entirely on how you’ve been affected by the breach. For instance, some people might suffer long-term financial impacts because their credit file has been ruined by the actions of criminals.

For psychological injuries, your solicitor will need to review how your life has been affected by stress, anxiety, flashbacks, lack of sleep or Post-Traumatic Stress Disorder (PTSD). They’ll also consider whether your ability to work has been affected or your relationships with others.

If you work with Legal Expert, and your claim is taken on, your solicitor will work with you to ensure they fully understand how the data breach has affected you. That’s important because you need to claim for everything at the same time. If you settle your claim with the dentist and then think of something else that you’d like to include later on, you’ll find the additional claim will be rejected.

Why not let our team of specialists manage the legal complexities involved with claiming for you? If you’re ready to start a claim, please use the contact details at the top of the screen to contact us today.

How Could I Be Awarded In Data Breach Compensation?

There is an important case that established the right to claim for a data breach even if you haven’t suffered any pecuniary losses. In the Court of Appeal case Vidal-Hall and others v Google Inc [2015], it was decided that claims for the harm caused by a data breach could be made and compensation should be awarded in line with personal injury law.

As claims are unique and claimants are affected differently, we haven’t used a personal injury claims calculator in this section. Instead, we’ve provided data from a document called the Judicial College Guidelines (JCG) in the table below. The JCG is referred to by solicitors, insurers and courts when determining compensation settlement amounts.

Type of Claim Severity Compensation Range Detailed Information
Post-Traumatic Stress Disorder (PTSD) Moderately Severe £21,370 to £56,180 The suffering caused in this bracket is likely to be significant for the foreseeable future. However, the prognosis for this category will be better than in severe cases and there will be some recovery with the help of professionals.
Post-Traumatic Stress Disorder (PTSD) Moderate £7,860 to £21,730 This type of PTSD claim will be for scenarios where any continuing symptoms aren’t grossly disabling and where other symptoms are almost fully recovered from.
General Psychiatric Damage Moderately Severe £17,900 to £51,460 Claimants in this category will struggle to cope with life in general, education, or work. There will also be problems managing relationships but the prognosis will be good and there some recovery.
General Psychiatric Damage Moderate £5,500 to £17,900 Claimant in this category will also have similar symptoms to those listed above but there will already have been a good amount of recovery and improvement along with a good prognosis.

The figures provided by the JCG are based on how severe your suffering was. To determine this, you’ll be referred to a local medical specialist by your solicitor during the claims process. The doctor or psychiatrist will review your medical notes and ask questions about how you’ve been affected by the leaking of your data. Then they’ll compile a report that will be sent to your solicitor containing all of their findings.

Importantly, we need to point out that medical assessments are so important when trying to prove the extent of your suffering that they are mandatory in all cases.

No Win No Fee Dentist And Dental Practice Data Breach Claims

The cost of hiring GDPR solicitors in the UK is something that puts many potential claimants off from starting a claim. Don’t worry too much about that though as we can reduce your financial risk and stress levels by providing a No Win No Fee claims service for all cases our solicitors accept.

Obviously, the solicitor will need to check there’s a reasonable chance of success before agreeing to work on this basis. Once they’ve done so, if you’re both happy to start the claim, you’ll be given a Conditional Fee Agreement or CFA to sign.

The CFA is what’s used to fund your case. It provides many benefits for you, including:

  • You don’t have to claim anything upfront before the claim can start.
  • There will be no solicitor’s fees charged to you while the claim progresses.
  • If the claim fails, you’ll not be asked to cover any of your solicitor’s fees at all.

Should your claim be won, and compensation awarded, you’ll pay your solicitor a ‘success fee’. This is a percentage of your compensation that’s listed in the CFA and, by law, is capped.

To find out if you’re able to claim using our No Win No Fee solution, please reach out to a member of our team today.

Find A Specialist Lawyer Handling Medical Data Breach Claims

So, now we’ve explained why a solicitor could make the process of pursuing a data breach claim easier, how do you choose one? Well, many people will simply look locally by searching for a ‘data breach solicitor near me’. Others will ask friends for advice and some might turn to online reviews.

All of these are steps that could work for you, but Legal Expert could make the whole process of finding the best solicitor to handle your case a lot easier. Therefore, why not save the hassle of searching and call us today so that an advisor can explain how we could help you start a claim.

Contact Us

If you’ve decided that you’d like to start a claim with Legal Expert, then please use any of the following methods to contact us:

Extra Resources

In the final section of our guide about claiming for a dentist data breach, we’ve added some further guides and resources that you might find useful:

The British Dental Association – A trade union for dentists and dental students in the UK.

The Care Quality Commission (CQC) – The organisation who inspects and rates dental services.

Find A Dental Surgery – An online NHS tool to locate dental services in your area.

Dental Negligence Claims – Advice on starting a claim for suffering caused by dental negligence.

Our Reviews – Find out about what previous clients have said about the service provided by Legal Expert.

Wrong Dosage Claims – Information on starting a claim where a doctor has caused you to suffer because they prescribed the wrong dosage of medication.


Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts