Data Breach Compensation Claims – A Complete Guide To GDPR Data Breach

If your personal or sensitive information has been exposed or accessed without your consent, you could be entitled to claim data breach compensation.

In our guide, you can find lots of useful information on making a data breach claim. Specifically, you can find details on:

  • The role of the Information Commissioner’s Office (ICO)
  • The roles of the General Data Protection Regulation (GDPR) and Data Protection Act 2018
  • What organisations could be subject to a data breach claim
  • How much compensation you could get after a data breach
  • And how you can make a No Win No Fee claim with our expert solicitors.

We’ll also answer questions like:

  • How long does a data breach claim take?
  • And how much is a data breach claim worth?

We’ll answer many more questions below. You can jump to the section that interests you most by clicking below.

Select A Section

  1. What Is A Data Breach Compensation Claim?
  2. Who Can You Make A Data Breach Claim Against?
  3. What Is The Information Commissioner’s Office (ICO)?
  4. Data Breach Compensation Awards
  5. Data Breach Guides
  6. Start Your No Win No Fee Claim Today
  7. Get In Touch With Our Expert Solicitors

What Is A Data Breach Compensation Claim?

A data breach is the unlawful disclosure or accessing of personal data without your consent. This personal data may have been misused, disclosed, destroyed or lost. It may have occurred as a result of human error or because of a cyberattack.

A data breach could cause all types of damage and harm. If, for example, your GP sends a letter containing sensitive information to your neighbour’s address and they happen to read the content of that letter, it may provoke significant stress and anxiety.

Data Breach compensation

There may also be financial harm inflicted too. If your bank details have been accessed in a cyberattack, for example, you may be subject to identity theft.

If you’ve been the victim of a breach of privacy, you’re entitled to make a claim under data protection law.

There are time limits in place when it comes to making a data breach claim. From the date of the breach, you have 6 years to begin proceedings, or 1 year if it involves a human rights issue. Our advice is to take action as soon as possible. The longer you delay, the harder it might be to recall details or trace evidence.

Who Can You Make A Data Breach Claim Against?

In our modern world, we’re forever consenting to organisations holding onto our data. This may be an online store, the local council or your NHS GP and hospital.

The body in charge of monitoring and enforcing data protection laws is the Information Commissioner’s Office (ICO). They have over the past few hours issued fines, some of them significant, to a number of different companies and organisations. For example:

  • British Airways was fined £20m in October 2020 for failing to protect the personal and financial data of in excess of 400,000 customers. British Airways had been subjected to a cyberattack in 2018, which went undetected for more than 2 months.
  • In July 2019, the ICO gave notice of its intention to fine international hotel chain Marriott £99m. This followed a cyberattack in which the personal data of 339 million global customers was accessed, including 7 million in the UK.
  • In 2018, an error in the system used by the NHS led to 150,000 patients being involved in a data breach.

What Is The Information Commissioner’s Office (ICO)?

The ICO is an independent organisation that is charged with enforcing compliance with the GDPR and the Data Protection Act 2018. They’re also charged with enforcing compliance with other laws, such as the Privacy and Electronic Communications Regulations (PECR), as well as other legislation.

If you believe that you’ve fallen victim to a data breach, the ICO recommends contacting the organisation directly to complain. If nothing comes of that complaint then you can take the matter up with the ICO, ideally no later than 3 months since you last heard from the organisation.

As we’ve seen above, the ICO can issue hefty fines, like the £20m they gave to British Airways. But above all, the ICO seeks to enforce compliance with the laws. They provide recommendations and guidance on how organisations can fix problems with data protection.

The ICO, however, cannot provide you with data breach compensation. To achieve that, you’d need to make a claim yourself.

Data Breach Compensation Awards

Under data protection law, it’s possible to seek compensation for two forms of damage:

  • Material damage – this relates to your finances. If you suffer monetary or identity theft, or damage to your credit rating, you can seek compensation to account for this form of harm.
  • Non-material damage – relates to your mental health. If the data breach has created stress in your life, anxiety, depression, or even post-traumatic stress disorder, it’s possible to seek compensation for these conditions, as well as the impact they’ve had on your life as a whole, such as impacting your ability to work and socialise.

If you’d like more guidance on data breach compensation claims, please get in touch, or consider some of our guides below.

Data Breach Guides

Below, you can find links to some of our published data breach claims guides.

General Guides



Local Councils

Police Data Breaches

Start Your No Win No Fee Claim Today

We believe that everybody should have equal access to justice, and because of that belief, we offer all of our clients the option of entering into a No Win No Fee agreement when pursuing a claim.

What does this mean? Essentially, if your claim fails, you will not have to pay your solicitor any of the fees they have incurred in pursuing your case. You also won’t be liable to pay any upfront fees nor any costs while the claim is ongoing.

If the claim does succeed, your solicitor will deduct a small percentage of the compensation award to cover their costs. This percentage is capped by law, so you need not worry about losing much of your compensation.

Get In Touch With Our Expert Solicitors

Our team is available 24 hours a day, 7 days per week to answer any legal queries you may have. And there’s no obligation to proceed with a claim. You can get in touch in the following ways:

Data Breach Solicitors

Regardless of where you’re based, we can help you claim data breach compensation. Please see below for some of our dedicated guides:

Other Useful Guides

    Contact Us

    Fill in your details below for a free callback

    Name :
    Email :
    Phone :
    Services :
    Time to call :

    Latest News