How Much Can You Sue For Data Protection For a Breach?

How much can you sue for data protection for a breach? Recent changes in the General Data Protection Regulation (GDPR) law have significantly increased the stakes of data protection. The way the law assigns responsibility can lead to significantly higher fines and damage claims. You have a right to claim data protection breach compensation. How? Read this article.

How Much Can You Sue For Data Protection For Breach?

In recent years, the GDPR has caused a significant increase in fines that companies must pay. This is due to the law’s enforcement and its interpretation. 

The scope of the law covers all types of industries. This includes retail, health, education, and finance. It includes breaches of credit card data, email addresses, passwords, and more. 

The law covers the handling of personally identifiable information (PII). PII is any data that can be traced back to a person or business. It must be protected in much the same way as credit card data or bank account details.

If any information like this is lost or leaked, the company responsible can be fined up to €20 million or 4% of its annual turnover. For many companies, this can represent a massive amount of money.

The recent changes in the law have made it more important than ever to ensure that data protection breaches are prevented and detected early. After all, prevention is better than cure when it comes to fines.

Who is Responsible for Breaches?

The GDPR makes it clear who is responsible for data protection breaches. All companies that handle PII must take reasonable steps to ensure that data is safe and secure. This includes:

  • Appropriate technical and organizational measures;
  • Proper training of staff; and
  • An overall culture of security in the workplace.

If there is a breach, the company or organization responsible will be liable. This could be a data protection agency, a health care provider, bank, retail outlet, or any other type of enterprise.

What is the Standard of Care?

The GDPR specifies that businesses must demonstrate a ‘high standard of care’ when handling PII. They must take all reasonable steps to protect it from loss and unauthorized access. If they fail to do so, they can be heavily fined under the law.

The courts and data protection agencies will use the following factors to determine the standard of care:

  • The nature of the information; and
  • The measures the company had in place to prevent data loss.

What is a Breach?

There are many types of data protection breaches. The GDPR defines a breach as follows:

“a violation of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.” 

Not all breaches will lead to fines under the law. So, the GDPR states that ‘less serious’ breaches must be reported to the relevant authority within 72 hours. Also, ‘serious’ breaches must be reported within a month.

The GDPR sets out one law across the European Union, replacing the previous patchwork of data protection laws. It aims to simplify the rules for international business and has increased fines for data protection breaches.

The new data protection rules have changed the way that businesses must deal with data breaches. They must take all reasonable steps to protect PII and report any breaches that occur.