UK GDPR Breach – Compensation Calculator
By Lewis Cobain. Last Updated 30th November 2023. In this guide, we explain what a UK GDPR breach is and how a compensation calculator can help when estimating what could be awarded in a successful personal data breach claim. The laws around the safe use of your personal information are tighter than ever since the introduction of new data security legislation. Under the new laws, if data has been breached because those who were handling it (data controller or processor) failed to adhere to data protection laws and it causes distress then you could have a right to be compensated.
If data controllers or processors (those organisations that handle personal data) are found not to be applying the UK General Data Protection Regulation (UK GDPR) and The Data Protection Act 2018 properly could suffer a fine from the governing body called the Information Commissioner’s Office (ICO). It could also enable you to seek compensation for emotional distress and financial trouble if your personal data is breached as a result.
Speak to our team in complete confidence now to learn more about what your rights are after a data breach. They can advise how our data breach specialists could help you with your data breach claim. Simply:
- Call our advisors on 0800 073 8804
- Claim online at Legal Expert
- Request a ‘call me back’
- Or carry on reading the sections below and use the highlighted links for more reading
You can also watch our video below which explains the key takeaways from our guide:
Select A Section
- What Is A UK GDPR Data Breach?
- Types Of Sensitive Or Personal Data
- Who Can Claim For A UK GDPR Breach?
- Compensation For Data Breach – Examples Of Data Breaches
- UK GDPR Breach Compensation – Evidence You’ll Need To Claim
- Compensation For A Data Breach – Material and Non-Material Damage
- UK GDPR Breach – Data Breach Compensation Calculator
- UK GDPR Breach Claims With Our No Win No Fee Solicitors
What Is A UK GDPR Data Breach?
You could be eligible for compensation for a data breach if you can prove the following:
- The data breach was caused by the organisation’s failures.
- Your personal data was compromised in the breach.
- As a result of your personal data being breached, you suffered mental harm or financial loss.
Personal data is any information that could directly identify you or could identify you in combination with other information. Your name, home address, and national insurance number are all classed as personal data. In the next section, we will provide more examples of what could be classed as personal data.
A personal data breach is a breach of security that leads to the accidental or unlawful alterations, destruction, or loss of personal data. It also included the unauthorised disclosure or access to personal data.
Per the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA), any organisation that processes the personal data of UK residents must do all that they can to keep it safe. This could include ensuring that they update their cyber security measures and provide efficient data protection training to all staff members. If you can prove that an organisation’s failings caused your personal information to be compromised, you could make a claim for your data breach.
Contact our advisors today to receive free legal advice regarding your specific claim. Additionally, they could answer any questions you may have about personal data breach claims.
Types Of Sensitive Or Personal Data
In order to interact with virtually every type of business or organisation, both on and off-line, we are obliged to provide details about ourselves. Some of this information is required by law. We trust that the organisations that retain and use this data are doing so in accordance with UK GDPR law. For example, you may need to provide:
- Name and address
- Email address
- Date of birth and disclosed ethnicity
- Details of dependants
- Housing and employment details
- Bank information
- Affiliations with religious groups
- Biometric data such as fingerprints
The ICO calls these pieces of information ‘identifiers’ which means that they can be used to identify you.
Who Can Claim For A UK GDPR Breach?
Data breach victims may only discover the breach long after the initial problem occurred. Companies are legally required to report a serious data breach to the ICO within 72 hours. Also, they should contact any customer or service user affected to alert them.
If you are subjected to a personal data breach you can do the following:
- Raise a complaint with the organisation that breached your data as soon as you become aware
- After no longer than 3 months from the last meaningful contact with them on the matter, you can ask the ICO to step in if there is an unsatisfactory response, (you can complain to them at any point if you wish).
- The ICO does not pay compensation either but their involvement can lend weight to your claim.
- Start to assemble evidence of the financial or emotional toll the data breach has taken on you
- Reach out for help with a data breach solicitor
Tracking a data breach back and obtaining proof that the party involved caused the issue through positive wrongful conduct are essential. Professional help can organise this. Furthermore, a solicitor can ensure that you calculate all the costs to you caused by the problem. After a successful personal data breach claim following a UK GDPR breach, a compensation calculator could help to estimate what you may be awarded.
Data Breach Claims – What Are The Time Limits?
If you are claiming data protection breach compensation, you need to start your claim within the time limit. There are two different time limits involved with data breach claims. The time limit will depend on the nature of the organisation you are claiming against.
Generally, you must start your claim within six years of the incident.
When making a claim against a public body, such as a local council, the time limit to start your claim is typically only one year.
Call our advisors to learn how much compensation for a data breach you could get if you are within the time limit or what factors could affect the data breach compensation amount.
Compensation For Data Breach – Examples Of Data Breaches
Before discussing examples of compensation for a data breach, it would be helpful to explore different scenarios in which a valid UK GDPR breach claim might arise.
Some examples of when a personal data breach could occur may include:
- Your personal data is stolen during a cyber attack due to an organisation not updating its cyber security measures.
- Your personal information is sent to the wrong postage address, despite a company having your correct home address on file
- An organisation sends a group email but accidentally shares your email address with other recipients because they failed to use blind carbon copy (BCC)
- Your employer verbally discloses your personal data to an unauthorised party without a lawful basis for doing so.
Our data breach solicitors have helped countless clients secure UK GDPR breach compensation amounts in the UK. Get in touch at any time to arrange a free consultation and to see if you could be eligible to work with one of them.
UK GDPR breach – compensation calculator guide
UK GDPR Breach Compensation – Evidence You’ll Need To Claim
It is important to note that you can only claim for a breach of the UK GDPR if it is your personal data that is exposed and you were harmed as a result. If you are diagnosed with anxiety disorder as a result of the breach, your data breach compensation can be from £3950 up to £110,000 , depending on how long your symptoms last. (see table below). The type injury you suffer due to the breach will impact your payout amount.
In order to make a valid claim, you must provide evidence that the breach was caused by the failings of the data controller and/or processor and that it resulted in you experiencing psychological or financial harm.
For example, if you suffered a psychological injury due to a personal data breach, you could use medical notes or a report from your therapist as evidence.
If you suffered financial loss, you could provide evidence such as:
- Invoices
- Receipts
- Bank notification letters
- Bank statements
Data controllers or processors should notify you of a breach as soon as it comes to their attention that it has occurred and is likely to result in your rights or freedoms being affected. Any relevant correspondence between you and the faulting party could also be used as evidence.
Continue reading to find out how much compensation for a GDPR breach you could potentially receive after a breach of your personal data. Alternatively, speak to an advisor at any time – they could provide you with an estimate of your data breach compensation amount in the UK.
Compensation For A Data Breach – Material and Non-Material Damage
If an organisation has breached your personal data, you may be able to make a claim in accordance with the UK GDPR. Compensation for distress, for example, could be awarded to you following a personal data breach.
When claiming compensation for a data breach of your personal information, compensation could be awarded to you for your material and non-material damage.
Material damage
Any of the financial losses you have suffered due to a personal data breach is referred to as material damage. For example, following a bank data breach, your banking information could be compromised. This could result in someone accessing this information and stealing money from your account or making charges on your debit or credit card.
In order to successfully claim compensation, you will need to provide evidence of this material damage, such as bank statements.
Non-Material damage
As we have stated above, non-material damage is any of the psychological injuries you have suffered due to the personal data breach, such as distress, anxiety, or depression. Providing evidence of your non-material damage will help support your claim. For example, a copy of your medical records stating that you have been diagnosed with post-traumatic stress disorder (PTSD) following a personal data breach could be used as evidence.
Contact our advisors today if you would like further guidance on making a claim for damages both material and non-material, following a personal data breach.
UK GDPR Breach – Data Breach Compensation Calculator
As mentioned above, following a successful data breach claim in the UK, you could receive compensation for material damage and/or non-material damage. When valuing non-material damage, which is the psychological harm you have experienced due to the personal data breach, solicitors can refer to the Judicial College Guidelines (JCG). The JCG features a number of mental health injuries, such as post-traumatic stress disorder (PTSD), alongside guideline compensation brackets.
You can find some of the figures from the JCG in the table below. Please use these as a guide only as the settlement you receive could differ. Also, the figures only apply to claims made in England and Wales.
To get a free estimate of how much your potential claim could be worth, get in touch with an advisor. They can also provide more guidance on the question ‘What data breach compensation amount in the UK could be awarded for a successful claim?’. Call the number above for more information.
Type of Harm Details Amount
General Psychiatric Damage (a) Severe - Massive impact on various aspects of the person's life, such as their work, education and personal relationships. The prognosis is also poor. £54,830 to £115,730
General Psychiatric Damage (b) Moderately Severe - A better prognosis, but the person will still suffer significantly. £19,070 to £54,830
General Psychiatric Damage (c) Moderate - Despite suffering with various issue, there will have been significant improvements. £5,860 to £19,070
General Psychiatric Damage (d) Less Severe - This award usually takes into account the duration and severity of the initial problem, and the impact on daily life £1,540 to £5,860
Anxiety Disorder (a) Severe - All aspects of life have been negatively affected, and the person will suffer with permanent problems. £59,860 to £100,670
Anxiety Disorder (b) Moderately Severe - The person will suffer with a significant disability, however there is room for some recovery with professional help. £23,150 to £59,860
Anxiety Disorder (c) Moderate - Only minor symptoms should persist following a large recovery. £8,180 to £23,150
Anxiety Disorder (d) Less Severe - A full recovery with 2 years with only minor symptoms remaining. £3,950 to £8,180
UK GDPR Breach Claims With Our No Win No Fee Solicitors
If you’re eligible to make a personal data breach compensation claim, one of our solicitors could represent you in your claim. Additionally, one of them may offer to work with you on a No Win No Fee basis with a Conditional Fee Agreement (CFA).
If you work with a No Win No Fee solicitor, you won’t be required to pay them any upfront or ongoing fees for their work. Furthermore, if your claim is unsuccessful, then you won’t have to pay for your solicitor’s services.
If you make a successful claim, a success fee is taken from the compensation awarded to you. It’s a legally capped percentage of your compensation that’s taken by the solicitor supporting your case.
For more information on claiming compensation for a UK GDPR breach of personal data, you can contact our advisors today. They may also connect you with one of our solicitors if they believe you may have a valid case.
You can reach them through the following methods:
- Calling 0800 073 8804
- Filling out the online claim form
- Using the 24/7 live chat service.
Learn More About A UK GDPR Breach And How A Compensation Calculator Could Help You
- Details on bank data breach compensation claims
- Also, FAQ’s on data breach compensation issues
- With this in mind, more details on how to report a data breach incident
- Advice from the Government on cyber security
- If you work for a school or if your personal data held by a school is shared by email, you could make a data breach claim against that school.
- Tips for being more cyber aware
- In conclusion, cyber security guidance for businesses