A Guide To Making A Data Breach Compensation Claim

By Stephen Hudson. Last Updated 15th August 2024. If your personal or sensitive information has been exposed or accessed without your consent, you could be entitled to claim data breach compensation.

Below, you can find lots of useful information on making a data breach claim. Specifically, you can find details on:

• The role of the Information Commissioner’s Office (ICO)
• The roles of the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 in data protection law.
• What organisations could be subject to a data breach claim
• How much compensation you could get after a data breach
• And how you can make a No Win No Fee claim with our expert solicitors.

We’ll also answer questions like:

• How long does a data breach claim take?
• And how much is a data breach claim worth?

We’ll answer many more questions about data protection claims below. You can jump to the section that interests you most by clicking below.

Additionally, you can contact our team of advisors if you have any questions about claiming data breach compensation. You can connect with them via the following contact details:

• Call 0800 073 8804
• Contact us online.
• Use our live chat.

Select A Section

1. What Is A Data Breach?
2. When Could I Claim Data Breach Compensation?
3. Examples Of Potential Data Breaches
4. What Should I Do After A Data Breach?
5. Does The Information Commissioner’s Office (ICO) Pay Data Breach Compensation?
6. What Evidence Do I Need To Support A Data Breach Compensation Claim?
7. How Much Compensation Could I Receive For A Personal Data Breach Claim?
8. Start Your No Win No Fee Data Breach Claim Today

To see the key points from our guide, why not watch our video below:

What Is A Data Breach?

Article 4 of the UK General Data Protection Regulation (UK GDPR) defines a personal data breach as a breach of security which leads to the unlawful or accidental disclosure, loss, alteration, destruction, or unauthorised access to someone’s personal data.

Personal data is any type of information that can reveal your identity. Some examples of personal data include personal email addresses, names, postal addresses, and national insurance numbers.

Special category data is personal data that needs protecting more because the information is sensitive. Some examples of special category data can include your genetic data, biometric data, and data concerning your health.

If your personal data has been breached, contact us today to find out whether you can begin a personal data breach compensation claim.

When Could I Claim Data Breach Compensation?

If your personal data was breached, you may wonder if you are entitled to compensation. The personal data of all UK residents is protected by the UK GDPR and the Data Protection Act 2018 (DPA).

Data controllers, who decide how and why to use your personal data, and data processors, who process the data on behalf of the controller, are both expected to comply with these legislations. If they fail to do so, this is known as wrongful conduct.

Wrongful conduct can lead to a personal data breach

So, in order to claim compensation for a data breach, you have to be able to prove that:

• A data breach occurred as a result of wrongful conduct
• Your personal data was affected by a data breach
• You suffered mental or financial harm as a result

We look at a few data breach compensation examples further in this article, or you can speak with an advisor to discuss your eligibility to claim.

Examples Of Potential Data Breaches

You could make a claim if your personal data was compromised in a data breach due to an organisation breaking the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation’s (UK GDPR) rules. You will also need to prove that the personal data breach caused you to suffer mental harm or financial loss.

There are various ways an organisation’s failures could result in data protection breaches. Some examples include:

• Human error, such as the receptionist at your GP surgery verbally sharing your medical records with an unauthorised person without a lawful basis.
• Your employer doesn’t update your workplace’s cyber security, which leads to a cyber-attack. The hacker then leaked your phone numbers (home and mobile), resulting in you receiving unwanted calls and messages.
• Your solicitor fails to lock away or secure a paper file containing your personal information. This could result in your personal data being lost or stolen.
• In terms of real-life examples, Capita, a large data processing firm that administers pension funds for various organisations as well as data for the UK Government, experienced a major cybersecurity incident, including some of the biggest funds in the country. For more advice on the Capita data breach head here. Another recent example came from the Southern Water also suffered a data breach in similar circumstances.

It is important to note that not all data breaches can lead to a claim. If you did not suffer any harm due to the data breach, or if the organisation took all the necessary steps and measurements to protect your personal data, but it was still compromised, you might not be able to claim.

Contact our advisors today to receive free legal advice regarding your specific claim. They could also help you answer any question you may have about starting a claim for a personal data breach.

What Should I Do After A Data Breach?

If you suspect your personal data was compromised, you may want to know what to do after a data breach. Some steps you take could help secure your information, whilst others will help support a claim for data breach compensation.

Firstly, you will want confirmation of the data breach. You could ask the organisation that you suspect breached your data to confirm that a data breach occurred, what data was included in it and how it happened. Any correspondence between yourself and the organisation can help support a compensation claim. We look at other examples of evidence later on.

If the organisation does not respond, or the response is unsatisfactory, you can complain to the Information Commissioner’s Office (ICO). We further explain this in the next section.

Additionally, you could run a credit check. This could help alert you to any fraudulent activities, such as another party obtaining a credit card. You may also want to watch your bank statements to ensure criminals have not gained access to your account. Furthermore, you can notify your bank of the data breach.

You may also wish to take steps to protect your personal data, such as changing passwords on your online accounts, including those for email and social media.

Direct any questions about what steps could help support a claim for data breach compensation to an advisor from our team.

Does The Information Commissioner’s Office (ICO) Pay Data Breach Compensation?

The ICO is an independent organisation that is charged with enforcing compliance with the GDPR and the Data Protection Act 2018. They’re also charged with enforcing compliance with other laws, such as the Privacy and Electronic Communications Regulations (PECR), as well as other legislation.

The ICO does not pay data breach compensation. 

If you believe that you’ve fallen victim to a data breach, the ICO recommends contacting the organisation directly to complain.

If nothing comes of that complaint then you can take the matter up with the ICO, ideally no later than 3 months since you last heard from the organisation.

As we’ve seen above, the ICO can issue hefty fines, like the £20m they gave to British Airways. But above all, the ICO seeks to enforce compliance with the laws.

They provide recommendations and guidance on how organisations can fix problems with data protection.

What Evidence Do I Need To Support A Data Breach Compensation Claim?

If you are eligible to pursue a claim for data breach compensation, collecting sufficient evidence could help support your case.

Some examples of evidence that could help support your personal data breach claim include:

• Confirmation that your personal data was breached. For example, the organisation responsible may have sent you an email or letter stating that your personal data was involved in a data breach.
• Any communications with the data controller/processor responsible for the breach.
• If you reported the breach to the ICO and they decided to investigate, the findings can be used as proof in your claim.
• Proof that you suffered psychological harm due to the breach. For example, this could be a copy of your medical records stating that you were diagnosed with anxiety after the breach occurred.
• Proof that you suffered financial losses due to the breach. A copy of your bank statements could be used as evidence for this.

Contact our advisors today to discuss your potential claim. If they believe you may have a strong case, they could connect you with a solcitor, who could help you with gathering evidence.

How Much Compensation Could I Receive For A Personal Data Breach Claim?

If your data breach claim is successful, then the settlement may compensate for your non-material and material damage. You can claim for both types of damage either independently or together.

Non-material damage is any psychological harm you’ve experienced due to a breach of your personal data. Those who value a data breach compensation claim for the non-material damage you have suffered may use the Judicial College Guidelines (JCG) for reference. This document features guideline compensation brackets for numerous types of psychological and physical injuries.

Compensation figures found in the JCG for mental health injuries include the examples below (aside from the first entry):

• If you have suffered severe psychological harm alongside financial losses, you could be awarded up to £250,000 and over.
• If claiming for general psychiatric damage that is severe, and it heavily influences your ability to go to work or perform certain everyday tasks, then the compensation figure ranges from £66,920 to £141,240.
• For general psychiatric damage that is moderately severe, creating significant issues with going to work or carrying out everyday activities, the compensation bracket is £23,270 to £66,920.
• For moderate general psychiatric damage that has impacted on everyday life but has either improved by trial or the prognosis is good, the guideline figure is £7,150 to £23,270.
• When a less severe case of general psychiatric damage is being claimed for, which means virtually a full recovery can be achieved within either one or two years, the guideline payout figure is £1,880 to £7,150.
• If claiming for post-traumatic stress disorder (PTSD) that is severe, and it involves permanent effects which prevent you from working, the compensation bracket is £73,050 to £122,850.
• When a claim involves PTSD that is moderately severe, and for the foreseeable future it is causing significant disability, the compensation figure is £28,250 to £73,050.
• For moderate PTSD which you have largely recovered from, the guideline figure is £9,980 to £28,250.
• If claiming for less severe PTSD, where virtually a full recovery is made within either one or two years, you could potentially receive between £4,820 to £9,980.

Material damage refers to financial losses you’ve experienced because of a data breach. For example, if you’ve suffered a psychological injury and you have taken unpaid time off work so you can recover, then the loss of earnings could possibly be included as part of your settlement.

You’ll need evidence to claim for your material damage. This may include specific documents like wage slips, bank statements, receipts or invoices.

To ask questions about how much compensation for a data breach you could claim, get in touch with our advisors for free today.

Start Your No Win No Fee Data Breach Claim Today

If you have a valid case to start a data breach claim, you may want to consider obtaining legal representation.

One of our expert data breach solicitors may be able to help you with your case. Additionally, they may offer to represent you on a No Win No Fee basis under a Conditional Fee Agreement.

With this particular arrangement in place, you will not have to pay anything upfront to your solicitor for them to begin working on your case. Furthermore, there will be no fees to pay for their services if the claim ends unsuccessfully.

However, if you are successfully awarded data protection breach compensation, your solicitor will deduct a success fee from this. There is a legal cap in place for the percentage that this success fee can be.

To see if one of our No Win No Fee solicitors could assist you with your personal data protection compensation claim, you can contact our advisors.

Connect With Us

Our team is available 24 hours a day, 7 days per week to answer any legal queries you may have. And there’s no obligation to proceed with a claim. You can get in touch in the following ways:

• By calling us on 0800 073 8804
• Writing to us with details of your case by clicking here.
• Or sending us a message via our live chat function, which can be found bottom right.