Royal Free Hospital Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Royal Free Hospital Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Royal Free Hospital Data Breach

I Was Affected By The Royal Free Hospital Data Breach, How Do I Make A Claim?

In this article, we’re going to look at how a Royal Free Hospital data breach could mean you’re entitled to seek compensation. We’ll review a decision by the Information Commissioner’s Office (ICO) regarding a project the Royal Free worked on with Google DeepMind, but we’ll also consider data breaches caused by human error.

The General Data Protection Regulation (GDPR) was enacted into British law by The Data Protection Act 2018. It was introduced to help provide individuals with better control over who can access their data. It also means organisations, such as the Royal Free Hospital, needs to keep all personal data secure. As we progress, we’ll look at the implications of a data breach, explain why compensation could be paid and look at the amounts that could be awarded.

Royal Free Hospital data breach claims guide

Royal Free Hospital data breach claims guide

Legal Expert is able to provide you with support if you decide that making a compensation claim is the route you want to take. Our team of specialist advisors offer free legal advice in conjunction with a no-obligation assessment of any claim. If the advisor believes there’s a chance of making a successful claim, your case will be handed to one of our specialist solicitors. Importantly, if they accept your claim, it will be conducted using a No Win No Fee agreement.

We can be contacted 24-hours a day, 7-days a week. Therefore, if you already know that you’d like to make a claim, please call us on 0800 073 8804. Otherwise, please continue reading to find out more about claiming NHS data breach compensation.

Select A Section

A Guide to Royal Free Hospital Data Breach Compensation Claims

Different organisations use your data in different ways. It will sometimes be used to keep records about you or in other cases it could be used in trials to help improve NHS services. However, under the GDPR, any organisation who wants to use your data must tell you why they want to use it, how it will be used and seek your permission to do so.

In the Google DeepMind project that we’ll review later on, one of the key issues raised by the ICO was that patients weren’t aware their data was being used in a trial. One of the most important points about data processing under the GDPR is that, once you’ve explained your data preferences, organisations must adhere to them.

During the course of this article, we’ll look at what sorts of Royal Free Hospital data breach might occur, when you could be eligible to ask for compensation and what can be included in your claim. Something you should be aware of is the fact that there’s a time limit of 6-years for data breach claims. For cases regarding a breach of human rights, that time limit is reduced to 1-year.

We advise you to consider starting your claim as soon as possible after you find out about the data breach. That way you’ll find it a lot easier to recall what happened and what impact it had on you.

While the ICO might investigate a data breach for you, it is sometimes possible for our solicitors to try and achieve a settlement on your behalf without any ICO involvement. When you’re ready to start a claim, please call a member of our team and they’ll review your case with you, and it could be taken on by one of our specialist solicitors.

What Is A Royal Free Hospital Data Breach?

Now we’re going to look at what a personal data breach is. It is listed in the GDPR documentation as a security breach which leads to the accidental (or unlawful) loss, alteration, destruction, unauthorised disclosure of, or access to, personal data. The reason behind a data breach could be deliberate or accidental.

The case involving the Royal Free NHS Trust and Google DeepMind centred around digital data but there are plenty of other ways in which a breach could occur because printed documents or records are involved. For instance, there have been cases where medical reports containing personal information have been disposed of incorrectly or other cases where files have been sent to organisations who’ve not been authorised to view them.

If an organisation becomes aware of a data breach, and realise it could present a risk of harm, they are obliged to let the ICO and the data subject know. When contacting data subjects, they should inform them when the data breach happened and what information was accessed.

If you believe that you could have a valid Royal Free Hospital data breach claim, why not get in touch with us today for a free assessment of your case?

DeepMind, The GDPR And Hospital Records

The GDPR assigns different roles to individuals or organisations involved in the use of personal data. These roles include:

  • The data subject – In this case, this is the patients of the Royal Free Hospital.
  • A data controller – The organisation that sets out the purpose and means of personal data processing. In this case, the data controller is the Royal Free NHS Foundation Trust.
  • The data processor – An organisation whose role it is to process the data on behalf of the data controller, Google DeepMind in this instance.

Within the GDPR, there is a set of principles which data processors need to comply with. They include:

  • There has to be a legitimate purpose behind data processing and the data subject must be made aware of it.
  • Any data processing should be fair, legal, and transparent to the data subject.
  • Only the minimum amount of data required to fulfil the processing requirements should be collected.
  • Data processing should be carried out securely and confidentially.
  • The data should only be stored for the amount of time agreed when it was processed.
  • All personal data that’s been processed should be kept up to date.

On top of this, the data controller must be able to demonstrate full compliance with the principles listed.

How Could Hospitals Breach Data Privacy Regulations?

In this section, we’re going to look at different ways in which a data breach could happen in a hospital. While the DeepMind breach was related to digital data, we’ll also provide more common examples that could be caused by human error.

The following list contains some examples of hospital data breaches that could happen:

  • When a member of the hospital staff accesses your records without any medical need to.
  • If your personal information is shared with organisations that you’ve not explicitly agreed to.
  • Where printed records containing identifiable information are disposed of incorrectly or left in public view.
  • Where the hospital network or computer security systems are attacked by ransomware, malware or viruses.
  • If personal information about you is sent in a letter or email to the wrong patient.
  • Where a member of staff leaves their computer unlocked and an unauthorised individual reads your information.

There are times when the data breach might not result in any harm and it might not even be identified but, where an organisation realises what’s happened, they must take steps to let you, and the ICO, know about the breach.

If you’d like us to start a claim for harm caused by an NHS information breach, please get in contact with our team today.

Action Taken By The ICO In Relation To The Royal Free Hospital And DeepMind

We’re now going to look in more detail at the case investigated by the ICO involving the Royal Free London NHS Foundation Trust. It’s important to point out that the investigation is about the Royal Free London Trust because they were the data controller. Google DeepMind was not investigated as they were the data processor.

The ICO investigation found that the personal data of 1.6 million patients were provided to DeepMind by the Trust. The information was to be used in a trial to test software that would detect, alert and diagnose acute kidney injuries.

Following the investigation, it was found that the way in which data was processed had several shortcomings. The main finding was that patients hadn’t been adequately informed about the fact their data would be included in the trial.

The outcome of the ICO investigation was that, among other things, they have asked the Trust to:

  • Form a legal basis for the Google DeepMind project in accordance with the Data Protection Act.
  • Explain how it will meet its duty of confidence to patients for future trials.
  • Arrange an audit of the trial and send its findings to the ICO.

How To Report A Healthcare Provider For An ICO Investigation

When you have reason to believe you’ve been affected by an NHS data breach, you may decide that you want to be compensated for the harm caused. However, to do so, you’ll need evidence to show what happened. So how do you find such evidence?

The first step you could take is to make a formal complaint to the NHS department involved. They should spend time investigating what happened and report back to you. If you’re not happy with their findings, there should be an escalation route that you can take to ask somebody else to investigate.

What happens, though, when you’ve exhausted all possible avenues within the NHS and you’re still not happy with what they’ve told you? Well, you could ask the ICO to take a look.

They don’t like to take on investigations where a long time has passed since you last spoke to the organisation. Therefore, you should contact the ICO within 3-months of your last meaningful communication with the NHS.

While the NHS complaint or the ICO investigation could provide some answers about whether a breach took place or not, neither will result in you being paid compensation. The only method of achieving that is for you to make a claim directly against the NHS.

If you work with Legal Expert, one of our solicitors could take your case on and try to negotiate on your behalf to reach an out of court settlement without involving the ICO. If that’s not possible, they could look at more formal action to try and achieve compensation for you.

To check if one of our specialist solicitors could help you claim for a Royal Free Hospital data breach, please speak to a member of our team for free today.

How Could You Be Compensated If Your Private Medical Data Is Breached?

It’s not time to look at what you could be compensated for following a data breach and how much might be awarded. So, when you discuss your claim with a solicitor, they’ll work out whether you’re able to claim for:

  • Material Damages.
    This is an award designed to compensate you for the financial losses you have incurred because of the data breach.
  • Non-material Damages.
    This is an award made to compensate you if you’ve suffered harm such as psychological damage as a result of the breach.

While we’d love to list exactly what can be included in your claim here, it’s not possible as each claim is unique. If you decide to work with one of our solicitors, they’ll review your claim with you to make sure they fully understand how you’ve been affected.

The first thing the solicitor will look at is whether there are any immediate or long-term financial losses that have resulted from the data breach. For instance, if you’ve incurred debt because a credit account was opened in your name. Furthermore, they’ll consider the impact on your credit file in the future.

Then they’ll look at what impact the breach has had on your mental health. The effects of anxiety, stress, and Post-Traumatic Stress Disorder will all be considered by a medical expert. They’ll also assess how your ability to cope day to day at work or in education have been affected.

As you can see, there’s a lot to consider before a claim is submitted but it’s an important process. If you’d like a solicitor from our team to thoroughly assess your case with you, to try and ensure you achieve the right level of compensation, please get in touch with Legal Expert today.

How Much Could Your ICO DeepMind Royal Free Claim Be Worth?

Now we’re going to look at the amounts of compensation that could be paid for harm caused by a data breach. The Court of Appeal decided in the case Vidal-Hall and others v Google Inc [2015], that it’s possible to claim for injuries caused by a data breach even if there has been no financial impact on the claimant. In addition, they specified that settlements for non-material damage should be based on personal injury compensation amounts.

The table below contains some example compensation figures for psychological injuries that could result from a data breach. The information was taken from an article used by courts known as the Judicial College Guidelines (JCG). Please use these figures as guidance only. Once your claim has been assessed properly, your solicitor should be able to provide a more personalised compensation figure.

Type Of Claim Severity Compensation Range Additional Comments
Psychiatric Damage (general) Severe £51,460 to £108,620 In this category, the victim will be given a poor prognosis as they will have problems relating to work, education and also life in general. In most cases, relationships anybody they come into contact with will be problematic and there will be risk that the victim will be vulnerable in the future as well.
Psychiatric Damage (general) Moderately Severe £17,900 to £51,460 In this category, the claimant’s symptoms will be similar to above. However, in this case, the prognosis will be more optimistic.
Psychiatric Damage (general) Less Severe Up to £5,500 Awards made in this category will take into account how long the disability lasted and to what extent the victims daily activities and sleep were affected.
Post-Traumatic Stress Disorder Moderately Severe £21,730 to £56,180 This settlement range is for where PTSD means the victim has significant disabilities for the foreseeable future but, with professional help, the prognosis will be better and some recovery will be expected.
Post-Traumatic Stress Disorder Less Severe £3,710 to £7,680 This category is used when the PTSD symptoms have just about fully recovered within a year or two.

Each entry in the JCG is based on the severity of the injury. Therefore, if you want to be compensated properly, medical evidence needs to show the true extent of your suffering. That’s why, as part of the claims process, your solicitor will make an appointment for a local medical assessment during which a specialist will review your medical records. They’ll also ask questions about how you’ve been affected by the data breach and then put all of their findings in a report for your solicitor.

Because medical evidence is so important when claiming compensation, a medical assessment is mandatory in all cases.

No Win No Fee Royal Free Hospital Data Protection Breach Claims

Now that you’ve read why you could claim for a data breach and how much compensation might be paid; you might be wondering how much the claims process will cost. Many people put off claiming because they’re worried about paying a solicitor and then losing the case. That’s why our team of solicitors operate a No Win No Fee service for every claim they accept.

The solicitor will first of all check that the case has a reasonable chance of success before agreeing to proceed. Then they’ll prepare a Conditional Fee Agreement (or CFA), for you.

The CFA is what is used to fund your case and it explains that:

  • No upfront fees are required.
  • You don’t need to pay solicitor’s fees while the claim continues.
  • If the claim is lost, you don’t need to cover any solicitor’s fees at all.

It will also explain that if the claim is won, your solicitor will retain a success fee to cover their work and costs. This forms a small percentage of your compensation. Your success fee, which is legally limited, is listed in the CFA so you will know exactly what percentage you’ll pay in the event of a positive claim.

Please let us know if you’d like an advisor to check if you’re eligible to claim on a No Win No Fee basis.

Find A Medical Data Breach Lawyer

If you’re now in the position where you want to start a data breach claim, how do you go about picking the best solicitor to help you? Well, you could simply look at your local high street for a solicitor to take your case on. You could ask friends for a recommendation or you could just look at online reviews. While all of these things could result in you finding the right solicitor to work with, you could spend a lot of time doing them.

Why not save your time and call Legal Expert today? Our team of solicitors have been representing clients for decades on a No Win No Fee basis. If your claim is taken on, you’ll be assigned a specialist who’ll be on hand throughout your case to provide updates and answer any questions you might have.

Talk To Us

If you’re ready to get the ball rolling and start your claim today, you can:

  • Call our claims line for free advice on 0800 073 8804
  • Start an online claim and we’ll arrange to call you back.
  • Use our live chat channel to speak to a real online advisor.
  • Email us with details about your case on

Extra Claims Resources

In the final section of this article about claiming for a Royal Free Hospital data breach, we’ve added some further resources and links which may help you further.

London Medical Negligence Solicitors – Advice on claiming for suffering caused by medical negligence in London.

Professional Negligence Claims – Information on how you could claim for negligent professional advice that’s caused you to suffer.

Employment Law Solicitors London – Details of how to find solicitors specialising in employment law who cover London.

CQC Inspection Report – The latest inspection and rating for the Royal Free London NHS Foundation Trust by the Care Quality Commission.

Be Data Aware – Advice from the ICO on how organisations could use your data.

Complaints Procedure – Details on the correct procedure to follow to make a formal NHS complaint.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts