Pharmacy Data Breach Compensation Claims Experts

100% No Win, No Fee Claims
Nothing to pay if you lose.

  • Free legal advice from a friendly solicitor.
  • Specialist solicitors with up to 30 years experience
  • Find out if you can claim compensation Call 0800 073 8804

Start My Claim Online

Pharmacy Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Pharmacy Data Breach

By Lewis Cobain. Last Updated March 2024. In this article, we’re going to look at when you might receive compensation for a pharmacy data breach. Since the General Data Protection Regulation (GDPR) was introduced (and enacted into law here by the Data Protection Act 2018), individuals have been given a lot more control over who can request their data, how long it is kept for and who it is shared with. Throughout this guide, we’ll look at when you could make a data breach claim if you find out that your personal information has been leaked.

Pharmacy data breach claims guide

Pharmacy data breach claims guide

The GDPR places a duty on pharmacies (and other organisations who hold data) to ensure that they have sound systems and processes in place to secure your data. They are also obliged to inform you and in some cases the Information Commissioner’s Office (ICO) when a data breach has happened.

While most pharmacies have secure systems in place, data breaches are still possible, and they’re usually caused by simple mistakes. If your data is exposed in a breach, then you could go on to seek compensation for the harm caused.

Legal Expert is here to help if you decide that a claim is necessary. Our advisors offer a no-obligation assessment of any claim along with free claims advice. If the claim appears viable, you’ll be referred to a specialist solicitor who could offer a No Win No Fee service if they accept your claim.

Please call us today on 0800 073 8804 if you’d to begin a pharmacy data breach claim. Otherwise, please carry on reading to find out more.

Select A Section

A Guide To Pharmacy Data Breach Claims

The GDPR affects most of us on a daily basis. While it’s a good thing because it helps to protect our data, it can be annoying at times too! It’s the reason that those pop-up boxes appear on websites asking you to allow tracking cookies to be used. When a website asks you to agree, they are complying with their duties under the GDPR.

In the same way, when you register with a pharmacy or you sign up to a new service they’re offering, you’ll likely be asked to fill out some forms. They might be online or paper-based and they’ll probably have questions or tick-boxes regarding your data. In general, you’ll be asked if the pharmacy can use your data for different purposes such as sharing it with the likes of the NHS or marketing preferences. Once your preferences have been recorded, it’s important that the pharmacy only uses your information in the ways that you’ve agreed.

As we progress, we’ll provide data breach examples, explain the data breach claims process and explain why making a claim is different from the GDPR fines process.

This article will help you to understand how a pharmacy data breach might occur, when you might be allowed to claim compensation, and what amount might be awarded. The time limit for making a data breach is 6-years (or 1-year for claims relating to human rights breaches). While that’s a long period of time, our advice is that starting earlier will make it easier to remember what happened after you became aware of the data breach by the pharmacy.

When you’re ready to begin a claim, or if you have any queries relating to a claim, please contact an advisor. We’ll provide free advice even if you don’t go on to make a claim.

What Is A Breach Of Pharmacy Customer Data?

The easiest way to define a data breach is when any type of information, which contains your personal information, is accessed, disclosed, lost or destroyed in a way which you have not authorised. It doesn’t matter if the reason for the data breach was accidental or a deliberate act, it could mean you’re entitled to ask for compensation.

Remember, if there is a pharmacy data breach, it could contain sensitive or personal information about you such as your personal details or the medication you’ve been prescribed. If that information reaches the wrong hands, it could cause distress, embarrassment or even used in crimes such that affect your finances for many years.

Most people probably think of a data breach happening because the data is hacked in a cybersecurity breach or cyberattack. While that is a possibility, it’s more likely that a privacy violation will happen because of human error. For instance, a data breach could happen simply because a printout containing your name, address and telephone number was left on the pharmacy counter and read by another customer. Another example might be where the pharmacy emails or posts a letter intended for you to another patient’s address.

If you are made aware of a pharmacy data breach that has affected you, please call Legal Expert for free advice on starting a data breach compensation claim. We’ll guide you through the process of making a personal data breach claim and could refer you to a specialist solicitor if your case has a reasonable chance of success.

How The GDPR Relates To Pharmacies

The GDPR affects most organisations in the UK, including pharmacies. It’s designed to provide individuals with some control over who holds their data, how it’s used and when it’s shared. The phrase ‘personal data’ means any type of information that can directly, or indirectly, help to identify you. For instance, personal data can include your name, address, email address, biometric information, gender or ethnicity.

There are several roles defined within the GDPR rules. Anybody identified as a data processor is bound by several key principles regarding data, which include:

  • Any data subject i.e. the patient, has to be informed of the purpose behind why information about them is going to be processed.
  • Data must only be retained for as long as defined at the point of collection.
  • Any personal information needs to be kept up to date.
  • It’s important that only the minimum amount of data is collected.
  • Collection of data should be confidential and secure.
  • Processing of any data should be fair, transparent and lawful.
  • The data controller (or person holding the data) should be able to demonstrate compliance of these principles.

As explained earlier, data breaches don’t just occur because of computer or network security issues. For instance, the principle that data should be stored securely could mean that a pharmacy has a lockable cabinet if storing paper records containing your personal information.

If you suspect that a pharmacy data breach has occurred because your pharmacy has broken GDPR rules, then you might be entitled to seek compensation for any harm caused. If that’s the case, why don’t you pick up the phone and call Legal Expert for free advice today?

Pharmacy Data Breach – Examples

A pharmacy data breach may result in you suffering mental health harm or could cause you financial loss. If you can prove that a pharmacy has breached UK GDPR regulations and data protection legislation and caused you harm as a result, you may have grounds for a valid claim.

Below we’ve included some examples of potential pharmacy data protection breaches:

  • Your health data may be sent to the wrong address, despite your correct address being on file
  • A prescription intended for you is accidentally given to the wrong person, subsequently revealing your address or revealing information about your health
  • A pharmacist may leave your records loaded on their computer screen but are not at their desk, meaning other staff members can access your information

If your pharmacy data has been breached, this could cause you psychological damage. If you have been affected by a pharmacy data breach, get in touch for free legal advice.

UK GDPR Breach Fines – Examples Of Pharmacy Data Breaches

In this section, we’ll discuss examples of pharmacy data breaches, as well as examples of ICO fines for data protection breaches.

In the case of Doorstep Dispensaree Ltd, the pharmacy was fined £275,000 by the ICO. The pharmacy offers care homes and customers medication but was fined after 500,000 documents containing medical data as well as patient names, addresses and dates of birth, were discovered in unlocked containers. The containers were outside and were water damaged.

For further examples of UK GDPR breach fines, or if you have suffered from a similar pharmacy data breach, get in touch, and one of our advisors could discuss your eligibility to claim.

Making A Complaint To The Information Commissioner’s Office

When you find out about a data breach containing your personal information, you may well decide that you’d like to claim compensation for any harm it has caused. While you’re well within your rights to do so, you might find it difficult to identify why the breach happened and what information was leaked.

One way you could try to obtain this information is to make an official complaint to the pharmacy. They should investigate what happened and provide you with some answers. If you’re unhappy with the information provided, you could take your claim to the Information Commissioner’s Office (ICO) and ask them to investigate what happened.

If this is the route you’re going to take, you need to be aware that the ICO doesn’t usually investigate cases that have taken a long time to reach them. Therefore, you should let them know what’s happened around 3-months after your last meaningful contact with the pharmacy.

One thing you should bear in mind is that while the ICO can fine companies in the UK, they can’t award you any compensation. That’s why we advise you to hire a solicitor to begin a claim against the pharmacy directly.

In some cases, your solicitor could negotiate on your behalf and try to settle the claim with the pharmacy without the need for an ICO investigation. In other cases, it might be useful to have the results from the ICO to make proving what happened easier. When you discuss your claim with your solicitor, they’ll explain what process they would like to follow. Therefore, we’d advise checking with a solicitor before making a formal complaint.

If you’re ready to start a claim and would like Legal Expert to represent you, why not call today and explain how you’ve been affected by a pharmacy data breach?

What Could You Claim For After A Medical Data Breach Or Leak?

So far in our article, we’ve tried to answer the question, “Can I get compensation for a data breach?” Over the next two sections, we’re going to review what you can claim for and how much might be paid. When you make a data breach claim, it is possible to seek damages for:

  • Material Damage. This usually relates to any financial losses you’ve incurred as a direct result of the data breach. For instance, you might’ve lost out if your data was used in an identity theft crime.
  • Non-material damage. This will relate to any psychological injuries that have been caused by the data breach, such as anxiety, sleeplessness or depression.

The way in which you have suffered will be unique to your case so we can’t explain exactly what you can claim for in this guide. However, once your claim has been assessed by one of our solicitors, you’ll be told what can be included. Importantly, unlike other types of claims, you are able to seek compensation even if there has been no financial impact.

If your claim is accepted, your solicitor will need to assess how you’ve been affected. For instance, they’ll consider whether anxiety, stress, distress or depression has caused you to struggle with life, education or work and whether it’s caused problems with your friends or family. Furthermore, if there’s been a financial impact, your solicitor will consider whether this is a long-term issue that could affect your ability to obtain credit, for instance.

As you can see from the information above, the process of claiming for a data breach isn’t as straightforward as you might think. Therefore, why not let one of our specialist solicitors manage your claim for you? Their experience and knowledge could prove vital in helping you secure the right amount of compensation for your case.

Working Out How Much Compensation Data Breach Victims Could Claim

Proving how much compensation should be paid for a data breach is quite a tricky thing to do. However, a case at the Court of Appeal (Vidal-Hall and others v Google Inc [2015]) established that it’s possible to compensate a victim for a data breach even if they didn’t incur any financial losses. That means it’s possible to claim for any psychological harm caused by the breach and the judgment by the court suggests that payments should be made in line with personal injury law.

Therefore, we’ve listed some example compensation figures that could be relevant in the table below. The figures are taken from a document that courts, insurers and solicitors use when valuing claims called the Judicial College Guidelines (JCG).

Claim Severity Range of Compensation Additional comments
Psychiatric Damage (general) Severe £54,830 to £115,730


You may be unable to work or cope with life.
Psychiatric Damage (general) Moderately Severe £19,070 to £54,830


Although symptoms are significant, the prognosis is more optimistic.
Psychiatric Damage (general) Moderate £5,860 to £19,070 A marked improvement by trial will have occurred.
Psychiatric Damage (general) Less Severe £1,540 to £5,860


The length of the period you suffer symptoms is considered in this award bracket.
Post-Traumatic Stress Disorder Severe £59,860 to £100,670


Any aspect of your life is badly impacted.
Post-Traumatic Stress Disorder Moderately Severe £23,150 to £59,860 Disability is significant and likely for the foreseeable future.
Post-Traumatic Stress Disorder Moderate £8,180 to £23,150 Ongoing symptoms are not too impactful.

As the JCG base settlements on the severity of your illness, your solicitor will need to provide evidence that demonstrates exactly how you’ve suffered. To do this, during the claims process, you’ll be asked to attend a local medical assessment. During the appointment, a medical specialist such as a psychiatrist will ask questions about the effect the data breach has had on you. They’ll also review any relevant medical records. After the appointment is over, a report will be written with the specialist’s findings and sent to your solicitor.

No Win No Fee Pharmacy Data Protection Breach Claims

We know from experience that many potential claimants never make a claim because they’re too worried about losing money if their claim fails. To ease that worry, and to reduce your financial risk when claiming, our team of solicitors offer a No Win No Fee service for any claim they accept.

They will, of course, need to review the case before agreeing to work on that basis but, once they’re happy to continue, they’ll provide you with a Conditional Fee Agreement (CFA) to sign.

The CFA is the contract that is used to fund the solicitor’s work. It provides you with many benefits, including:

  • You won’t be charged any upfront fees.
  • You won’t be asked to pay solicitor’s fees while the claim continues.
  • If the claim is unsuccessful, you’re not liable for any solicitor’s fees.

Should the claim be won, and you receive compensation, the solicitor will retain a small portion known as a success fee to cover their work. So that you’re aware of the percentage you’ll pay, the success fee (which is limited by law) is listed in the CFA clearly.

Please contact us today if you’d like to check whether you’re eligible to claim on a No Win No Fee basis.

Finding Data Protection Breach Solicitors

When looking for a solicitor to help you claim, you might search for local data breach solicitors, read reviews or ask friends for their recommendations. While these could all help you find the right law firm to help you, it’s possible to save yourself time by calling Legal Expert instead.

Our team of solicitors has decades of experience in handling all sorts of claims and will be happy to consider your case. So please use the contact details in the next section to start a claim today.

Contact A Data Breach Solicitor

To contact Legal Expert to discuss your claim you can:

  • Call us on 0800 073 8804 and speak to a fully trained advisor.
  • Start an online claim and we’ll call you back at a suitable time.
  • Ask an online advisor for advice using our live chat feature.
  • Email us on with a summary of your claim.

Extra Resources

Finally, we’d like to provide you with some additional resources and guides that we think could prove useful. Please contact us if there’s anything else you’d like to know.

Pharmacy Compensation Claims – This guide explains when a mistake caused by a pharmacy could lead to compensation.

NHS Claim Time Limits – A guide which explains what time limits apply to different types of claims.

Hospital Negligence Claims – Information on lodging a compensation claim against a hospital whose negligence has caused you to suffer.

Pharmacy Complaints – Guidance on the correct process to follow if you’d like to complain about a pharmacist.

Pharmacy Inspections – The Care Quality Commission (CQC) inspect and provide ratings for individual pharmacies.

Find A Local Pharmacy – An online tool from the NHS that allows you to locate pharmacies near you.

Other Useful Compensation Guides

Guide by Hambridge

Edited by Billing

    Contact Us

    Fill in your details below for a free callback

    Meet The Team

    • Patrick Mallon

      Patrick is a Grade A solicitor having qualified in 2005. He's an an expert in accident at work and public liability claims and is currently our head of the EL/PL department. Get in touch today for free to see how we can help you.

      View all posts