Company Data Breach

100% No Win No Fee Claim, Nothing to pay if you lose.

  • Data breach victims get maximum compensation
  • Get help from a friendly solicitor
  • Specialist solicitors with up to 30 years of experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Can You Sue A Company For A Data Breach?

By Stephen Hudson. Last Updated 30th January 2024. If you’re wondering ‘Can you sue a company for a data breach?’, this guide aims to help you. Personal data is a valuable asset for businesses. Many organisations require personal information to provide a service. A failure to protect such personal data can have serious consequences.

Can you sue a company for a data breach

A guide answering the question ‘Can you sue a company for a data breach?’

Personal data that has been breached due to security failures or poor data protection processes can have devastating consequences for the individual affected. Cybercrime and human error are among the main causes of data breaches today.

Therefore, if you have suffered financial loss or emotional distress due to a breach of your personal information, you may be eligible to make a claim. Operating on a No Win No Fee basis, our solicitors could support you. To see if you can be connected, contact our advisors today. Call 0800 073 8804 or raise your claim online.

Our advisors are available 24/7 and give free legal advice.

Here’s our quick explainer video on how you can claim compensation:

Select A Section

  1. Can You Sue A Company For A Data Breach?
  2. How Could A Data Breach Impact You?
  3. What Can You Do If You Think A Company Breached Your Data Protection?
  4. How Much Can You Sue A Company For A Data Breach For?
  5. No Win No Fee Data Breach Claims

Can You Sue A Company For A Data Breach?

Personal data breaches occur when personal information is unlawfully or accidentally lost, accessed, disclosed, destroyed or changed following a security breach. Personal data or personal information is data that can be used to identify you. 

The purpose of the UK GDPR framework, introduced in 2018, was to enforce personal data protection across businesses. It does not matter whether a data breach was deliberate or accidental, personal data should be protected.

Personal data includes information relating to an identified or identifiable individual such as a contact name or number. It can also include:

You could sue for any financial or psychological damage caused by a data breach. However, the data breach would need to involve your personal data and be caused by the wrongful conduct of an organisation that was in control of protecting your data.

If you’ve got any questions about data breach claims, why not get in touch? Our advisors are here for you 24/7 and give free legal advice.

How Could A Data Breach Impact You?

If your personal data is involved in a data breach, then this could potentially have different types of harmful consequences:

  • Financial losses – If your personal data is exposed or lost due to a data breach, then this could lead to consequences that cause you to suffer financial losses. For instance, if your credit card information was compromised in a data breach, this could lead to unknown charges being made to that card which could also impact your credit score.
  • Psychological harm – The knowledge that your personal data has been breached and could potentially lead to issues such as financial losses or reputational damage can be incredibly stressful. Therefore, you could suffer from a variety of psychological injuries following a personal data breach, such as anxiety, depression or post-traumatic stress disorder (PTSD).

You may be asking, “Can you sue a company for a data breach?”. If you have suffered financial or mental harm due to a personal data breach that was caused by the organisation’s failings, then you may be able to make a personal data breach claim.

Contact our advisors for free today for more advice about starting a valid data breach claim.

Time Limits For Data Breach Claims

If you are suing for a data breach that compromised your personal data, you must also ensure that you start your claim within the correct time limit.

Generally, you will have 6 years to start a personal data breach claim. This time limit is reduced to one year if you are claiming against a public body.

To find out whether you are within the time limit to start a personal data breach claim, you can contact our team of advisors. They can also offer you free advice and answer any of the questions you may have. Furthermore, if they think you may have a strong case, they could connect you with one of our solicitors.

What Can You Do If You Think A Company Breached Your Data Protection?

The Information Commissioner’s Office (ICO) is the independent UK body involved in upholding personal information rights. Under the UK GDPR framework, organisations have a duty to report personal data breaches that risk your rights and freedoms to the ICO within 72 hours. A secondary duty is required to inform you of the personal data breach without undue delay. Organisations should have a clear justification for failure to report a personal data breach.

You have various options following a suspected breach:

  • Complain to the organisation involved – you should attempt to contact the business where the breach occurred. If you don’t get a satisfactory response or recieve no response you could contact the ICO.
  • Contact the ICO – you should inform the ICO of the breach only if the organisation didn’t respond to you satisfactorily. You should do this within 3 months of the organisation’s final response on the matter.
  • Contact a UK GDPR claims specialist – you could contact a specialist solicitor to advise you regarding your own unique case. Such a specialist will be able to provide information regarding compensation, help gather evidence and consider the merits of your case.

How Much Can You Sue A Company For A Data Breach For?

Under the UK GDPR, it is possible to seek compensation for two types of damages. Material damage relates to your finances. Therefore, if you have suffered identity theft or your credit score has been affected by a data breach, you could be compensated.

Non-material damage relates to your mental wellbeing. Therefore, if you have suffered harm such as stress, anxiety or even post-traumatic stress disorder (PTSD) you could be compensated.

Compensation for material damages is variable and depends on the financial losses incurred by an individual. Compensation for non-material damages is also variable but depends on the severity of the emotional damage sustained by an individual.

The compensation table below shows examples of potential awards as outlined in the Judicial College Guidelines’ 16th edition, published in April 2022. Solicitors can use these guidelines when valuing injuries. Please note that the first entry in this table is an estimated figure and is not based on the Judicial College Guidelines.

Injury Severity Potential Compensation Comments
Serious impact to mental health with significant financial losses Serious Up to £150,000+ The person has experienced a severe impact to their mental health with a poor prognosis and this has resulted in substantial monetary losses, such as the cost of home care and loss of earnings.
Psychological Damage Severe £54,830 to £115,730 The person has problems with their ability to cope and has future vulnerability.
Psychological Damage Moderately Severe £19,070 to £54,830 Significant issues, as above, but with a more positive prognosis.
Psychological Damage Moderate £5,860 to £19,070 Issues but a clear improvement by the time of trial.
Psychological Damage Less Severe £1,540 to £5,860 The length of the disability period and how much sleep is impacted will be taken into account.
Post-Traumatic Stress Disorder Severe £59,860 to £100,670 Effects are permanent and the person may not be able to work at all.
Post-Traumatic Stress Disorder Moderately Severe £23,150 to £59,860 A better prognosis than the above.
Post-Traumatic Stress Disorder Moderate £8,180 to £23,150 The person has mostly recovered and any continuing effects aren’t too disabling.
Post-Traumatic Stress Disorder Less Severe £3,950 to £8,180 Within 1 to 2 years, there’s a practically full recovery.

If you’d like our advisors to value your claim for free, why not get in touch?

No Win No Fee Data Breach Claims

If you contact our advisors about your potential personal data breach claim, they could review your case and determine if it’s valid. If they find it is, then they could put you in touch with one of our solicitors. Our No Win No Fee solicitors can support data breach claims under a Conditional Fee Agreement (CFA).

If you claim for a data breach under a CFA, you generally won’t have to pay your solicitor for their services before the claim starts or while it is being processed. You also normally won’t need to pay for their services if the claim fails.

If your claim is successful, then your solicitor takes a success fee to cover their payment. This means a small and legally capped percentage of the compensation awarded to you will be subtracted by your solicitor.

Contact our advisors for free today to ask questions such as “Can you sue a company for a data breach?” or to learn more about No Win No Fee solicitors. You can contact them by:


Here are some more of our guides:

These external sources could also be useful to you:

If you have any questions about claiming or want clarity on our answer to ‘Can you sue a company for a date breach?’, just get in touch.

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts