Make A Data Breach Compensation Claim

By Stephen Anderson. Last Updated 28th August 2024. You may have heard about data breaches in the news and you may even have been informed that your personal data has been involved in a breach. But did you know you can claim compensation for a data breach that causes you damage?

Well, that’s the case and in this article, we’ll look at what suffering might be caused by a data leak. Also, we’ll explain why you might be able to claim compensation. We’ll look at the laws that have been introduced to protect you. Finally, we’ll list some of the organisations (or data controllers) that hold information about you.

If you do wish to start a data breach claim, our team can help. They will review any claim without obligation and give you free legal advice too. Where your claim appears to have a reasonable chance of success, you could be referred to a data breach solicitor from our panel. Should they accept you as a client, they’ll represent you on a No Win No Fee basis. Importantly, that will mean no solicitor’s fees need to be paid unless you receive compensation.

We’re available on 0800 408 7825 if you’d like to begin a data protection breach claim right away. Alternatively, please read on to learn more about the claims process.

a solicitor showing how data breach compensation claims work

Select A Section

  1. What Is A Data Breach And Can I Claim CompensationAnd Can I Claim Compensation?
  2. What Is The Data Protection Act And UK GDPR?
  3. Data Breach Examples – Cases We’ve Helped With
  4. How Long Do I Have To Claim Data Breach Compensation?
  5. How Do I Prove A Data Breach Compensation Claim?
  6. Data Breach Compensation Payouts – Check What You Could Receive
  7. Claim With A No Win No Fee Data Breach Solicitor
  8. Related Data Breach Claims Guides

What Is A Data Breach And Can I Claim Compensation?

According to the UK General Data Protection Regulation (UK GDPR), personal data protection breaches are security incidents, that results in personal data being unlawfully or accidentally destroyed, changed, lost, disclosed or accessed in an unauthorised manner.

Within the UK GDPR, there are some key terms that we should define here:

  • Data controllers – an organisation that controls why and how personal data is used. Examples of data controllers can include the likes of the Conservative Party or Labour Party to organisations like the NHS.
  • Data processors – an organisation or individual who act on behalf of the data controller.
  • The data subject – this is an identifiable or identified individual whose personal data has been processed.

Although it may not seem quite clear just yet how a data breach could affect you, if you think about all the personal information that may be stored about you, how you would feel if this was leaked. You could suffer financially, psychologically or both as a result of the breach.

Data protection breaches could happen in a number of different ways. Some can be deliberate while others are human error and accidental. Whether the data breach was caused by human error or criminal activity, you could have grounds to claim compensation. Please call today if you’d like us to check whether you have the grounds to proceed.

The Criteria For Making A Data Breach Compensation Claim

To be eligible to make a data breach compensation claim, you will need to establish with evidence that:

  • A personal data breach occurred as a result of wrongful conduct.
  • This breach affected your personal data.
  • As a result, you suffered harm.

This harm can include financial loss, emotional damage, or both. Wrongful conduct occurs when an organisation fails to adequately comply with data protection legislation.

Please read on or contact our advisors to learn more about the legislations that cover data breaches and how much you may be able to receive in data breach compensation.

What Is The Data Protection Act And UK GDPR?

Let’s now look at some of the legislation that has been introduced to protect personal data.

What Is The Data Protection Act 2018?

When the UK was a part of the European Union we adopted their EU version of the GDPR and applied it into the Data Protection Act 2018 (DPA). When the United Kingdom left the EU the DPA was altered and we now refer to the UK GDPR.

The DPA provides a framework for the UK’s data protection laws alongside the UK GDPR. It replaced the Data Protection Act 1998 and was updated on 1st January 2021 because of the European Union (Withdrawal Act 2018). The Information Commissioners’ Office (ICO) is responsible for enforcing data protection laws. Data controllers who fail to adhere to applicable legislation and regulations can be heavily fined by the ICO.

What Is The UK GDPR?

The UK GDPR sits alongside the DPA to help protect personal information. That is any information that could be used to identify an individual directly or indirectly. As a result of the UK GDPR, data controllers and processors require a lawful basis to handle personal information. They must also abide by other data protection principles as well.

Where data protection breaches occur, the ICO can investigate organisations and force them to change the way they work. They could also hand out massive financial penalties too. However, the ICO cannot help you claim for any psychological injuries or monetary losses. For that reason, you will need to take your own legal action,

Data Protection Breach Examples – Cases We’ve Helped With

Organisations can store a lot of personal data on you, such as your name, email address or home address. Additionally, they may hold sensitive information such as health data or information regarding your ethnicity or religious beliefs. This type of information is classed as special category data under the UK GDPR.

You might want to sue for emotional distress after a breach of UK GDPR affected your personal data and caused you harm. In this section, we look at how your personal data might be breached as a result of positive wrongful conduct on behalf of a data controller or processor.

To give you an idea, we’ve listed some data protection breach examples below:

Continue reading to find out the data breach compensation amount you could be awarded if your claim is successfully settled. Additionally, we may be able to connect you with data protection breach solicitors from our panel.

How Long Do I Have To Claim Data Breach Compensation?

Whether you’re claiming for a car accident, a fall or a data protection breach, you will need to claim within the relevant time limit.

We suggest starting your claim as early as possible. That’s because while some data breach claims have a 6-year limitation period, others can have as little as 1-year.

To check how long you have to claim, please use live chat or give our advisors a call.

How Do I Prove A Data Breach Compensation Claim?

As mentioned previously, data breach compensation might be possible for suffering caused by psychological injury and/or financial losses because of a breach. You must also be able to show with evidence how those you hold responsible for allowing your personal information to be leaked are liable.

In the next section, we’ll explain what amount of compensation might be awarded for psychological suffering. Before we do, let’s look at the evidence that could support your claim:

  • By law, organisations must contact you if they become aware of a data protection breach that puts you at risk. This letter could be used as evidence.
  • Financial documents. Bank statements, receipts and benefit statements could all be used to help prove your losses.
  • Medical records and reports. Records from your GP could be used.

If your case is taken on, one of the data breach lawyers from our panel will assess your evidence. If the defendant doesn’t admit that the breach happened, you may be advised to ask the ICO to investigate. For more information on your options, please call.

Data Breach Compensation Payouts – Check What You Could Receive

In the case of Vidal-Hall and others v Google Inc [2015] at the Court of Appeal, it was ruled that compensation must be considered for any psychological harm caused by data breaches. Importantly, the court said that mental harm can be claimed for regardless of whether any money has been lost. This is a move away from previous rules.

In a separate case (Gulati & Others v MGN Limited [2015]), the court ruled that settlement amounts for these injuries should be based on the amount paid in personal injury law. Therefore, our compensation table, below, uses data from the Judicial College to show how much could be paid.

Mental HarmAmount
Very Severe Psychological Harm Plus Significant Financial LossesUp to £500,000 and above
Severe Psychological Damage£66,920 to £141,240
Moderately Severe
Psychological Damage		£23,270 to £66,920
Moderate Psychological Damage£7,150 to £23,270
Less Severe Psychological Damage£1,880 to £7,150
Severe Post Traumatic Stress Disorder£73,050 to £122,850
Moderately Severe Post Traumatic Stress Disorder£28,250 to £73,050
Moderate Post Traumatic Stress Disorder£9,980 to £28,250
Less Severe Post Traumatic Stress Disorder£4,820 to £9,980

What Is Material Damage In The Context Of Data Breach Compensation?

Additionally, you may also be awarded data breach compensation for any material damage you suffered. This refers to any of the financial losses you’ve incurred due to your personal data being compromised.

For example, fraudulent purchases could be made in your name as a result of your credit card details being involved in a data breach.

It’s crucial that you can provide evidence to show you have experienced financial harm as a result of a personal data breach, such as your bank or credit card statements. Some examples of banks that could suffer a data breach include:

If you have any additional questions about compensation that might be awarded in personal data breach claims, you can contact our advisors today.

Claim With A No Win No Fee Data Breach Solicitor

If you have a valid case, then you could claim for data breach compensation with the help of one of the No Win No Fee solicitors on our panel. When a data breach solicitor on our panel offers their support, they can do so under what’s called a Conditional Fee Agreement (CFA).

A CFA offers several benefits including the following:

  • You can get help with your data breach claim from a solicitor without needing to pay them any fees for their service either upfront or as your claim is ongoing.
  • If the claim proves unsuccessful, you normally won’t be asked to pay for your solicitor’s work that supported the case.
  • If your claim does succeed, then your No Win No Fee solicitor will receive a small success fee that’s taken from your compensation. A standard legal cap is applied to success fees. It ensures that you’ll get to keep most of the compensation for your successful claim.

To learn more about No Win No Fee solicitors or other aspects of data breach claims, contact our advisors for free support today. You can reach our team by:

A close up shot of a keyboard with a key marked 'data security' included on it

Related Data Breach Claims Guides

In our final section, we’ve included links to some further guides and external resources that may prove useful.

We have other guides available to read that you may find useful:

Thank you for reading our article on data protection breach claims.