Growing threat of Data Breach Compensation Claims targeting Retailers


We would like to bring an important issue to your attention regarding a recent incident that has highlighted a growing threat of opportunistic data breach claims against businesses, specifically those in retail. This situation, shared by one of our members, underscores the potential financial and legal risk posed by individuals seeking compensation for alleged GDPR infringements.

The Situation

Several months ago, a retailer in our network, Fair Deal Music, received multiple emails from an individual claiming that the retailer’s website was using a tracking device that violated GDPR by sharing his personal data without consent. This person requested compensation and threatened to escalate the matter legally if this demand was not met.

Initially dismissed as a scam, these communications were ignored based on feedback from industry peers, who reported similar experiences without any legal follow-up.

However, in this case, the individual filed a formal legal claim with a County Court, demanding £470 in compensation plus £50 in court fees. Fair Deal Music sought legal advice, only to find that the cost of defending the case could exceed the amount of compensation requested.

Given these circumstances, the retailer submitted a defence but anticipates an unfavourable outcome due to a lack of substantial evidence to counter the claim.

Implications for the Industry

This incident raises a critical concern: retailers, especially smaller businesses, may become frequent targets of individuals seeking compensation under GDPR regulations. As word spreads about successful compensation claims, there is a risk of a “floodgate” effect, where other individuals may follow suit, threatening similar claims and demanding settlements.

Recommended Actions

To mitigate this risk, an immediate review is recommended. Such a review would aim to:

  • Provide clarity on data protection compliance in terms of website tracking and customer data handling.
  • Develop standard operating procedures for responding to potential claims.
  • Offer guidance on when to pursue legal defence versus settling claims to avoid excessive legal costs.

You may wish to seek legal advice now to ensure that your current policies, particularly around website tracking, are GDPR compliant.

As an MIA member, you have access to free advice on issues like GDPR, VAT, tax, PAYE, health & safety, employment law, and more through Croner’s Business Support Helpline.

This service has saved our members hundreds of pounds per inquiry, which is a significant benefit—particularly for small businesses that may not require highly specialised legal advice but would benefit from quick, practical guidance.

Phone calls to Croner are completely free for members, covered by the MIA. If you want Croner to assist with creating or updating your GDPR Policy and procedures, they offer preferential rates and discounts due to your membership. MIA members can find the Croner helpline information on our log-in system here.

We are also working to find a data privacy expert to discuss preventative measures that protect members from such claims. In the meantime, if you receive similar demands for compensation, we strongly advise consulting with your own GDPR specialists or Croner before responding or making any payments.

This case serves as an urgent reminder of the importance of robust data protection practices and proactive legal readiness. We will provide updates on resources and recommended protocols to address these threats and support members in safeguarding their businesses.

