Data Breach Compensation – A Complete Guide To GDPR Data Breach Claims
By Max Mitrovic. Last Updated 5th August 2022. If your personal or sensitive information has been exposed or accessed without your consent, you could be entitled to claim data breach compensation.
Below, you can find lots of useful information on making a data breach claim, as well as our research report on the number of police data breaches committed in the last couple of years.
Our Investigation Into The Number Of Data Breaches By British Police Forces
Police forces in the UK play a pivotal role in keeping us safe. They keep large amounts of personal data about their employees and members of the public, including witnesses, suspects, and criminals. For example:
- An individual’s name;
- Home address;
- Email address;
- Telephone number.
Additionally, police departments also have access to special category data, including:
- Information on criminal offences;
- Genetic and biometric information;
- Individual employee details, including their racial or ethnic background, union membership, and sexual orientation.
As per the rules set out in the UK GDPR and the Data Protection Act 2018, all controllers of data must take steps to keep it safe and secure. It is critical that police forces meet these obligations too.
For the past 6 months we have investigated data breaches in police forces in the UK between January 2019 and November 2021.
For the purposes of our investigation, we submitted Freedom Of Information (FOI) requests to 43 territorial police forces in England and Wales, the national police forces in Scotland and Northern Ireland, and three specialist police forces to find out the number of breaches of data protection and the circumstances that may be causing these breaches.
Given the scope of the information we requested, some police forces took longer to respond or were unable to respond at all.
89% of police forces responded to our FOI request. The information provided led to several surprising conclusions:
- There were 13,332 suspected security incidents or data breaches
- Approximately 19 data breaches occurred each day, or one every 76 minutes
- 90% of forces had at least one suspected data security incident
- 59% of responding forces had identified at least 100 suspected data breaches or security incidents
The top ten police forces most frequently affected by suspected data breach incidents were as follows:
- Police Scotland – 2,809 suspected incidents
- Kent Police and Essex Police – 1,356 suspected incidents
- Lancashire Police – 1,317 suspected incidents
- West Mercia Police – 1,252 suspected incidents
- Cheshire Constabulary – 956 suspected incidents
- Devon and Cornwall Police – 869 suspected incidents
- Norfolk Constabulary and Suffolk Constabulary – Close to 800 incidents
- West Yorkshire Police – 641 suspected incidents
- Avon and Somerset Police – Over 600 suspected incidents
- Dorset Police – 479 suspected incidents
Most concerning of all, we discovered that email misuse accounts for about 28% of all police data breaches, indicating that many of these breaches, and the subsequent damage they may cause, could be prevented.
You may already be aware that police data breaches can have a big impact on people’s lives. If, for instance, the defendant learns of any sensitive witness information, entire cases may fall apart.
Victims of human errors like this can experience distress and could even start to worry for their safety, causing psychological conditions to develop such as anxiety and post-traumatic stress disorder.
Download The Report
Our report is free to download in PDF form.
All we ask is that you include a source link to this page when you refer to it on your website or platform.
Learn More About Claiming Data Breach Compensation
Specifically, you can find details on:
- The role of the Information Commissioner’s Office (ICO)
- The roles of the General Data Protection Regulation (GDPR) and Data Protection Act 2018
- What organisations could be subject to a data breach claim
- How much compensation you could get after a data breach
- And how you can make a No Win No Fee claim with our expert solicitors.
We’ll also answer questions like:
- How long does a data breach claim take?
- And how much is a data breach claim worth?
We’ll answer many more questions below.
What Is A Data Breach Compensation Claim?
A data breach is the unlawful disclosure or accessing of personal data without your consent. This personal data may have been misused, disclosed, destroyed or lost. It may have occurred as a result of human error or because of a cyberattack.
A data breach could cause all types of damage and harm. If, for example, your GP sends a letter containing sensitive information to your neighbour’s address and they happen to read the content of that letter, it may provoke significant stress and anxiety.
There may be financial harm inflicted too. If your bank details have been accessed in a cyberattack, for example, you may be subject to identity theft.
If you’ve been the victim of a breach of privacy, you’re entitled to make a claim under data protection law.
There are time limits in place when it comes to making a data breach claim. From the date of the breach, you have 6 years to begin proceedings, or 1 year if it involves a human rights issue. Our advice is to take action as soon as possible. The longer you delay, the harder it might be to recall details or trace evidence.
Who Can You Make A Data Breach Claim Against?
In our modern world, we’re forever consenting to organisations holding onto our data. This may be an online store, the local council or your NHS GP and hospital.
The body in charge of monitoring and enforcing data protection laws is the Information Commissioner’s Office (ICO). Over the past few years, they have issued fines, some of them significant, to a number of different companies and organisations. For example:
- British Airways was fined £20m in October 2020 for failing to protect the personal and financial data of in excess of 400,000 customers. British Airways had been subjected to a cyberattack in 2018, which went undetected for more than 2 months.
- In July 2019, the ICO gave notice of its intention to fine international hotel chain Marriott £99m. This followed a cyberattack in which the personal data of 339 million global customers was accessed, including 7 million in the UK.
- In 2018, an error in the system used by the NHS led to 150,000 patients being involved in a data breach.
What Is The Information Commissioner’s Office (ICO)?
The ICO is an independent organisation that is charged with enforcing compliance with the GDPR and the Data Protection Act 2018. They’re also charged with enforcing compliance with other laws, such as the Privacy and Electronic Communications Regulations (PECR), as well as other legislation.
If you believe that you’ve fallen victim to a data breach, the ICO recommends contacting the organisation directly to complain. If nothing comes of that complaint then you can take the matter up with the ICO, ideally no later than 3 months since you last heard from the organisation.
As we’ve seen above, the ICO can issue hefty fines, like the £20m they gave to British Airways. But above all, the ICO seeks to enforce compliance with the laws. They provide recommendations and guidance on how organisations can fix problems with data protection.
The ICO, however, cannot provide you with data breach compensation. To achieve that, you’d need to make a claim yourself.
Data Breach Compensation Awards
Under data protection law, it’s possible to seek compensation for two forms of damage:
- Material damage – this relates to your finances. If you suffer monetary or identity theft, or damage to your credit rating, you can seek compensation to account for this form of harm.
- Non-material damage – relates to your mental health. If the data breach has created stress in your life, anxiety, depression, or even post-traumatic stress disorder, it’s possible to seek compensation for these conditions, as well as the impact they’ve had on your life as a whole, such as impacting your ability to work and socialise.
Data Breach Compensation Examples
The Judicial College Guidelines can provide you with a better idea of what you could receive for non-material damages as part of your data breach claim. As previously mentioned, non-material damages relate to the psychological injuries that you’ve suffered. In order to claim successfully, you would need to prove that you’ve suffered one of the two types of damages listed above and that the data breach occurred due to the action or inaction of a data processor or controller.
The data breach compensation you could receive for psychological injuries will be determined by factors such as the extent of the injury and how badly it has impacted your everyday life. Please bear in mind that the below figures are not guaranteed, simply compensation brackets from successful claims that have happened in England and Wales.
The figures have been taken from the latest guidelines, published in 2022.
| Injury Type | Severity | Features of Injury | Compensation Bracket |
|---|---|---|---|
| Post-Traumatic Stress Disorder | Severe | Permanent symptoms that completely stop the injured person from functioning anywhere near the pre-trauma level. | £59,860 to £100,670 |
| Post-Traumatic Stress Disorder | Moderately Severe | Better prognosis will be achieved due to a positive reaction to professional care. | £23,150 to £59,860 |
| Post-Traumatic Stress Disorder | Moderate | The injured person will have mostly recovered from their injuries. Any symptoms that continue will not be particularly disabling. | £8,180 to £23,150 |
| Post-Traumatic Stress Disorder | Less Severe | Virtual full recovery will be made within a year or two. Symptoms of a minor nature may still persist for longer. | £3,950 to £8,180 |
| General Psychiatric Damage | Severe | Prognosis will be poor due to the injured person’s inability to cope with life as well as future vulnerability. | £54,830 to £115,730 |
| General Psychiatric Damage | Moderately Severe | Serious problems will persist. However, prognosis will be a lot more optimistic than in more severe cases. | £19,070 to £54,830 |
| General Psychiatric Damage | Moderate | Prognosis will be good due to a noted improvement through care and professional help. | £5,860 to £19,070 |
| General Psychiatric Damage | Less Severe | How long the disability affected the injured person and the extent to which aspects like sleep were affected will be taken into consideration. | £1,540 to £5,860 |
Data breach claims can be complex so it’s difficult to provide you with an estimate specifically relating to your injury unless you contact us. You can do so for free at a time that works for you using the details above.
Start Your No Win No Fee Claim Today
We believe that everybody should have equal access to justice, and because of that belief, we offer all of our clients the option of entering into a No Win No Fee agreement when pursuing a claim.
What does this mean? Essentially, if your claim fails, you will not have to pay your solicitor any of the fees they have incurred in pursuing your case. You also won’t be liable to pay any upfront fees nor any costs while the claim is ongoing.
If the claim does succeed, your solicitor will deduct a small percentage of the compensation award to cover their costs. This percentage is capped by law, so you need not worry about losing much of your compensation.
Get In Touch With Our Expert Solicitors
Our team is available 24 hours a day, 7 days per week to answer any legal queries you may have. And there’s no obligation to proceed with a claim. You can get in touch in the following ways:
- By calling us on 0800 073 8804
- Writing to us with details of your case.
- Or sending us a message via our live chat function.