Data Breach Compensation Claims – A Complete Guide To GDPR Data Breach

Welcome to our data breach compensation claims page.

Here, you can find lots of useful information and guides on making data breach claims. Specifically, you can find details on:

  • The role of the Information Commissioner’s Office (ICO)
  • The roles of the General Data Protection Regulation (GDPR) and Data Protection Act 2018
  • What organisations could be subject to a data breach claim
  • How much compensation you could get in a data breach claim
  • And how you can make a No Win No Fee data breach claim with our expert solicitors.

We’ll also answer questions like:

  • How long does a data breach claim take?
  • And how much is a data breach claim worth?

What Is A Data Breach Compensation Claim?

A data breach is the unlawful disclosure or accessing of personal data without your consent. This personal data may have been misused, disclosed, destroyed or lost. It may have occurred as a result of human error or because of a cyberattack.

A data breach could cause all types of damage and harm. If, for example, your GP sends a letter containing sensitive information to your neighbour’s address and they happen to read the content of that letter, it may provoke significant stress and anxiety.

Data Breach compensation

There may also be financial harm inflicted too. If your bank details have been accessed in a cyberattack, for example, you may be subject to identity theft.

If you’ve been the victim of a breach of privacy, you’re entitled to make a claim under data protection law.

There are time limits in place when it comes to making a data breach claim. From the date of the breach, you have 6 years to begin proceedings, or 1 year if it involves a human rights issue. Our advice is to take action as soon as possible. The longer you delay, the harder it might be to recall details or trace evidence.

Who Can You Make A Data Breach Claim Against?

In our modern world, we’re forever consenting to organisations holding onto our data. This may be an online store, the local council or your NHS GP and hospital.

The body in charge of monitoring and enforcing data protection laws is the Information Commissioner’s Office (ICO). They have over the past few hours issued fines, some of them significant, to a number of different companies and organisations. For example:

  • British Airways was fined £20m in October 2020 for failing to protect the personal and financial data of in excess of 400,000 customers. British Airways had been subjected to a cyberattack in 2018, which went undetected for more than 2 months.
  • In July 2019, the ICO gave notice of its intention to fine international hotel chain Marriott £99m. This followed a cyberattack in which the personal data of 339 million global customers was accessed, including 7 million in the UK.
  • In 2018, an error in the system used by the NHS led to 150,000 patients being involved in a data breach.

What Is The Information Commissioner’s Office (ICO)?

The ICO is an independent organisation that is charged with enforcing compliance with the GDPR and the Data Protection Act 2018. They’re also charged with enforcing compliance with other laws, such as the Privacy and Electronic Communications Regulations (PECR), as well as other legislation.

If you believe that you’ve fallen victim to a data breach, the ICO recommends contacting the organisation directly to complain. If nothing comes of that complaint then you can take the matter up with the ICO, ideally no later than 3 months since you last heard from the organisation.

As we’ve seen above, the ICO can issue hefty fines, like the £20m they gave to British Airways. But above all, the ICO seeks to enforce compliance with the laws. They provide recommendations and guidance on how organisations can fix problems with data protection.

The ICO, however, cannot provide you with data breach compensation. To achieve that, you’d need to make a claim yourself.

How Can I Be Compensated Following A Data Breach?

Under data protection law, it’s possible to seek compensation for two forms of damage:

  • Material damage – this relates to your finances. If you suffer monetary or identity theft, or damage to your credit rating, you can seek compensation to account for this form of harm.
  • Non-material damage – relate to your mental health. If the data breach has created stress in your life, anxiety, depression, or even post-traumatic stress disorder, it’s possible to seek compensation for these conditions, as well as the impact they’ve had on your life as a whole, such as impacting your ability to work and socialise.

If you’d like more guidance on data breach compensation claims, please get in touch, or consider some of our guides below.

Data Breach Guides

Below, you can find links to some of our published data breach claims guides.

General Guides



Local Councils

Start Your No Win No Fee Claim Today

We believe that everybody should have equal access to justice, and because of that belief, we offer all of our clients the option of entering into a No Win No Fee agreement when pursuing a claim.

What does this mean? Essentially, if your claim fails, you will not have to pay your solicitor any of the fees they have incurred in pursuing your case. You also won’t be liable to pay any upfront fees nor any costs while the claim is ongoing.

If the claim does succeed, your solicitor will deduct a small percentage of the compensation award to cover their costs. This percentage is capped by law, so you need not worry about losing much of your compensation.

Get In Touch With Our Expert Solicitors

Our team is available 24 hours a day, 7 days per week to answer any legal queries you may have. And there’s no obligation to proceed with a claim. You can get in touch in the following ways:

Guide by Billing

    Contact Us

    Fill in your details below for a free callback

    Name :
    Email :
    Phone :
    Services :
    Time to call :

    Latest News