Data Breach Compensation

We’re specialists in recovering compensation for data breaches. We can help you too. 

100% No Win, No Fee Claims
Nothing to pay if you lose

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years of experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Data Breach Compensation – A Complete Guide To GDPR Data Breach Claims

By Max Mitrovic. Last Updated 5th August 2022. If your personal or sensitive information has been exposed or accessed without your consent, you could be entitled to claim data breach compensation.

Below, you can find lots of useful information on making a data breach claim, as well as our research report on the number of police data breaches committed in the last couple of years.

Our Investigation Into The Number Of Data Breaches By British Police Forces

Police forces in the UK play a pivotal role in keeping us safe. They keep large amounts of personal data about their employees and members of the public, including witnesses, suspects, and criminals. For example:

  • An individual’s name;
  • Home address;
  • Email address;
  • Telephone number.

Additionally, police departments also have access to special category data, including:

  • Information on criminal offences; 
  • Genetic and biometric information;
  • Individual employee details, including their racial or ethnic background, union membership, and sexual orientation.

As per the rules set out in the UK GDPR and the Data Protection Act 2018, all controllers of data must take steps to keep it safe and secure. It is critical that police forces meet these obligations too.

For the past 6 months we have investigated data breaches in police forces in the UK between January 2019 and November 2021. 

For the purposes of our investigation, we submitted Freedom Of Information (FOI) requests to 43 territorial police forces in England and Wales, the national police forces in Scotland and Northern Ireland, and three specialist police forces to find out the number of breaches of data protection and the circumstances that may be causing these breaches. 

Given the scope of the information we requested, some police forces took longer to respond or were unable to respond at all.

Our Findings

89% of police forces responded to our FOI request. The information provided led to several surprising conclusions:

  • There were 13,332 suspected security incidents or data breaches
  • Approximately 19 data breaches occurred each day, or one every 76 minutes
  • 90% of forces had at least one suspected data security incident
  • 59% of responding forces had identified at least 100 suspected data breaches or security incidents

The top ten police forces most frequently affected by suspected data breach incidents were as follows:

  1. Police Scotland – 2,809 suspected incidents
  2. Kent Police and Essex Police – 1,356 suspected incidents
  3. Lancashire Police – 1,317 suspected incidents
  4. West Mercia Police – 1,252 suspected incidents
  5. Cheshire Constabulary – 956 suspected incidents
  6. Devon and Cornwall Police – 869 suspected incidents
  7. Norfolk Constabulary and Suffolk Constabulary – Close to 800 incidents
  8. West Yorkshire Police – 641 suspected incidents
  9. Avon and Somerset Police – Over 600 suspected incidents
  10. Dorset Police – 479 suspected incidents

Most concerning of all, we discovered that email misuse accounts for about 28% of all police data breaches, indicating that many of these breaches—and the subsequent damage they may cause— could be prevented.

You may already be aware that police data breaches can have a big impact on people’s lives. If, for instance, the defendant learns of any sensitive witness information, entire cases may fall apart.

Victims of human errors like this can experience distress and could even start to worry for their safety, causing psychological conditions to develop such as anxiety and post-traumatic stress disorder.

Download The Report

Our report is free to download in PDF form.

All we ask is that you include a source link to this page when you refer to it on your website or platform.

Click Here To Download The Report

legal expert police data breach report

Press Info

For press enquiries, including for comments, clarification, interviews or information about our latest report, you can contact us by emailing

Learn More About Claiming Data Breach Compensation

Specifically, you can find details on:

  • The role of the Information Commissioner’s Office (ICO)
  • The roles of the General Data Protection Regulation (GDPR) and Data Protection Act 2018
  • What organisations could be subject to a data breach claim
  • How much compensation you could get after a data breach
  • And how you can make a No Win No Fee claim with our expert solicitors.

We’ll also answer questions like:

  • How long does a data breach claim take?
  • And how much is a data breach claim worth?

We’ll answer many more questions below. You can jump to the section that interests you most by clicking below.

Select A Section

  1. What Is A Data Breach Compensation Claim?
  2. Who Can You Make A Data Breach Claim Against?
  3. What Is The Information Commissioner’s Office (ICO)?
  4. Data Breach Compensation Awards
  5. Data Breach Guides
  6. Start Your No Win No Fee Claim Today
  7. Get In Touch With Our Expert Solicitors

What Is A Data Breach Compensation Claim?

A data breach is the unlawful disclosure or accessing of personal data without your consent. This personal data may have been misused, disclosed, destroyed or lost. It may have occurred as a result of human error or because of a cyberattack.

A data breach could cause all types of damage and harm. If, for example, your GP sends a letter containing sensitive information to your neighbour’s address and they happen to read the content of that letter, it may provoke significant stress and anxiety.

Data Breach compensation

There may also be financial harm inflicted too. If your bank details have been accessed in a cyberattack, for example, you may be subject to identity theft.

If you’ve been the victim of a breach of privacy, you’re entitled to make a claim under data protection law.

There are time limits in place when it comes to making a data breach claim. From the date of the breach, you have 6 years to begin proceedings, or 1 year if it involves a human rights issue. Our advice is to take action as soon as possible. The longer you delay, the harder it might be to recall details or trace evidence.

Who Can You Make A Data Breach Claim Against?

In our modern world, we’re forever consenting to organisations holding onto our data. This may be an online store, the local council or your NHS GP and hospital.

The body in charge of monitoring and enforcing data protection laws is the Information Commissioner’s Office (ICO). They have over the past few hours issued fines, some of them significant, to a number of different companies and organisations. For example:

  • British Airways was fined £20m in October 2020 for failing to protect the personal and financial data of in excess of 400,000 customers. British Airways had been subjected to a cyberattack in 2018, which went undetected for more than 2 months.
  • In July 2019, the ICO gave notice of its intention to fine international hotel chain Marriott £99m. This followed a cyberattack in which the personal data of 339 million global customers was accessed, including 7 million in the UK.
  • In 2018, an error in the system used by the NHS led to 150,000 patients being involved in a data breach.

What Is The Information Commissioner’s Office (ICO)?

The ICO is an independent organisation that is charged with enforcing compliance with the GDPR and the Data Protection Act 2018. They’re also charged with enforcing compliance with other laws, such as the Privacy and Electronic Communications Regulations (PECR), as well as other legislation.

If you believe that you’ve fallen victim to a data breach, the ICO recommends contacting the organisation directly to complain. If nothing comes of that complaint then you can take the matter up with the ICO, ideally no later than 3 months since you last heard from the organisation.

As we’ve seen above, the ICO can issue hefty fines, like the £20m they gave to British Airways. But above all, the ICO seeks to enforce compliance with the laws. They provide recommendations and guidance on how organisations can fix problems with data protection.

The ICO, however, cannot provide you with data breach compensation. To achieve that, you’d need to make a claim yourself.

Data Breach Compensation Awards

Under data protection law, it’s possible to seek compensation for two forms of damage:

  • Material damage – this relates to your finances. If you suffer monetary or identity theft, or damage to your credit rating, you can seek compensation to account for this form of harm.
  • Non-material damage – relates to your mental health. If the data breach has created stress in your life, anxiety, depression, or even post-traumatic stress disorder, it’s possible to seek compensation for these conditions, as well as the impact they’ve had on your life as a whole, such as impacting your ability to work and socialise.

Data Breach Compensation Examples

The Judicial College Guidelines can provide you with a better idea of what you could receive for non-material damages as part of your data breach claim. As previously mentioned, non-material damages relate to the psychological injuries that you’ve suffered. In order to claim successfully, you would need to prove that you’ve suffered one of the two types of damages listed above and that the data breach occurred due to the action or inaction of a data processor or controller.

The data breach compensation you could receive for psychological injuries will be determined by factors such as the extent of the injury and how badly it has impacted your everyday life. Please bear in mind that the below figures are not guaranteed, simply compensation brackets from successful claims that have happened in England and Wales.

The figures have been taken from the latest guidelines, published in 2022.

Injury TypeSeverityFeatures of InjuryCompensation Bracket
Post-Traumatic Stress DisorderSeverePermanent symptoms that completely stop the injured person from functioning anywhere near the pre-trauma level. £59,860 to £100,670
Post-Traumatic Stress DisorderModerately SevereBetter prognosis will be achieved due to a positive reaction to professional care. £23,150 to £59,860
Post-Traumatic Stress DisorderModerateThe injured person will have mostly recovered from their injuries. Any symptoms that continue will not be particularly disabling. £8,180 to £23,150
Post-Traumatic Stress DisorderLess SevereVirtual full recovery will be made within a year or two. Symptoms of a minor nature may still persist for longer. £3,950 to £8,180
General Psychiatric DamageSeverePrognosis will be poor due to the injured person’s inability to cope with life as well as future vulnerability. £54,830 to £115,730
General Psychiatric DamageModerately SevereSerious problems will persist. However, prognosis will be a lot more optimistic than in more severe cases. £19,070 to £54,830
General Psychiatric DamageModeratePrognosis will be good due to a noted improvement through care and professional help. £5,860 to £19,070
General Psychiatric DamageLess SevereHow long the disability affected the injured person and the extent to which aspects like sleep were affected will be taken into consideration. £1,540 to £5,860

Data breach claims can be complex so it’s difficult to provide you with an estimate specifically relating to your injury unless you contact us. You can do so for free at a time that works for you using the details above.

Data Breach Guides

Below, you can find links to some of our published data breach claims guides.

General Guides



Local Councils

Police Data Breaches

Start Your No Win No Fee Claim Today

We believe that everybody should have equal access to justice, and because of that belief, we offer all of our clients the option of entering into a No Win No Fee agreement when pursuing a claim.

What does this mean? Essentially, if your claim fails, you will not have to pay your solicitor any of the fees they have incurred in pursuing your case. You also won’t be liable to pay any upfront fees nor any costs while the claim is ongoing.

If the claim does succeed, your solicitor will deduct a small percentage of the compensation award to cover their costs. This percentage is capped by law, so you need not worry about losing much of your compensation.

Get In Touch With Our Expert Solicitors

Our team is available 24 hours a day, 7 days per week to answer any legal queries you may have. And there’s no obligation to proceed with a claim. You can get in touch in the following ways:

Data Breach Solicitors

Regardless of where you’re based, we can help you claim data breach compensation. Please see below for some of our dedicated guides:

Other Useful Guides

    Contact Us

    Fill in your details below for a free callback

    Name :
    Email :
    Phone :
    Services :
    Time to call :