Data Breach Compensation Claims Guide

By Marlon Madison. Last Updated 18th July 2022. Welcome to our complete guide to data breach compensation claims. On this page, you can find lots of useful information that’s designed to inform you of your legal rights if you fall victim to a GDPR breach.

We’ll also take a look at some key terms and definitions, the latest statistics, and some data breach compensation examples to help inform you as much as possible.

The law surrounding data protection has seen significant development in the last few years, mostly spurred by the introduction of the General Data Protection Regulation (GDPR). Introduced by the EU, it applies to every organisation based in any country that collects, processes and stores data relating to EU citizens.

Data breach compensation

How to claim data breach compensation

GDPR is designed to give data subjects (which would be us) more control over how the information is used, with one of the underpinning principles being consent. Essentially, an organisation cannot use our data in ways that we haven’t consented to.

For example, the marketing firm Leads Works Ltd was fined £330,000 for sending around 2.6 million spam text messages during the coronavirus pandemic without first obtaining the consent of the recipients.

Here at UK Law, we understand all too well the impact that a data breach can have on a person’s life. Even small repercussions of a data breach such as receiving spam or nuisance calls or texts can cause stress.

But the implications can be much more severe. In one of the worst-case scenarios, a person could see their financial data stolen, which could lead to identity theft, money taken from their bank accounts, or their credit rating ruined.

Similarly, the damage to mental health can be extreme too. For instance, if a victim of domestic violence had been moved to sheltered housing away from their abusive partner, a simple error such as sending a letter containing their new address to the home of their partner could lead to significant stress for the victim, who may fear an unwanted visit from their partner.

Select A Section

  1. A Guide To Claiming GDPR Data Breach Compensation
  2. Data Breach Glossary
  3. What Is A Data Breach?
  4. How Can Data Breaches Happen?
  5. Statistics On Data Breaches
  6. Data Breach Compensation Examples
  7. Making A No Win No Fee Data Breach Claim
  8. Read More Data Breach Compensation Guides

A Guide To Claiming GDPR Data Breach Compensation

Below, we’ll take a look at data breach compensation claims in more detail. We’ll explore the definitions of some key terms, examine what exactly a data breach is and how it could happen.

We’ll look at the latest statistics from the Information Commissioner’s Office (ICO) too, the body responsible for enforcing data breach law in the UK.

We’ll also provide you with some useful information on the potential compensation payouts for the damage inflicted by a breach. Plus, we offer advice to you on how our panel of No Win No Fee solicitors can help you.

If at any point you have a question or would like to enquire about making a claim, you can reach our advisers in any of the following ways:

Data Breach Glossary

Below, we’ve included the definitions of some key terms which you may encounter when researching data breach claims:

  • Data Subject – this is the individual whose data will be subject to collection, processing and use
  • Data Controller – a controller, usually an organisation or sometimes an individual, sets out the reasons why data is to be collected. Sometimes they also process data, store it and use it themselves
  • Data Processor – some organisations, particularly those of significant size, may contract out the processing of data to a third party known as a data processor.
  • Material Damages – this is one part of a potential data breach compensation award. It relates purely to the damage done to the victim’s financial position.
  • Non-Material Damages – another part of a potential compensation award, non-material damages relate to the victim’s mental health and the detrimental impact the data breach has had on it, such as the development of stress, anxiety or depression.

What Is A Data Breach?

It’s always useful to know what exactly a data breach involves.

A breach doesn’t just relate to information that has been lost. It involves any kind of security incident that leads to either the accidental or unlawful alteration, destruction, unauthorised disclosure of or access to personal data.

Crucially, a personal data breach can involve:

  • Accidental causes, such as a person sending an email to the wrong recipient
  • Deliberate causes, like hackers gaining access to databases containing sensitive information.

How Can Data Breaches Happen?

We’ve touched upon some of the ways in which a data breach can happen. They may involve deliberate, criminal acts, or simple incidences of negligence.

Regardless of how a breach occurs, it could cause significant damage to those affected.

In this section of our guide to seeking data breach compensation, we wanted to provide you with examples of ways in which breaches can happen. Largely, they fall into two categories—those relating to cybersecurity and everything other than cybercrime-based breaches.

Cyber Security

If you’ve heard about significant data breaches in the news, it’ll most likely be the result of some form of cybercrime.

Some of the most common data breaches relating to cybersecurity involve:

  • Ransomware attacks – hackers gaining access to systems and adding a layer of encryption to prevent people from gaining access. Data is often stolen too, with copies made. The ability to regain access to data, or to secure the deletion of stolen information, often involves a ransom being paid to the hackers. This is what happened with the Blackbaud hack.
  • Phishing – this cybersecurity threat is on the rise. Phishing attempts involve posing as a legitimate organisation to trick people into entering their private and sensitive information. This may be a username or password, which hackers can then use to gain legitimate access to servers.
  • Malware – this is an umbrella term for any type of software that’s designed to harm a computer or network.

Non-Cyber Security

Non-cyber security data breaches often relate to instances of human error. Some examples include:

Data Breach Claims – Real Life Case Studies

An instance of a mass data breach occurred in 2018 when British Airways systems were attacked and then modified to harvest details as they were input by customers and staff alike. This included login and payment card details as well as names and addresses.

The breach affected 420,000 people, many of which decided to make a data breach compensation claim. Though the amount remains confidential, the ICO also fined British Airways £20 million for a failure to protect customers.


Data breach claims can be made for breaches caused by human error. It is an organisation’s responsibility to safeguard the personal data they process, and if you suffer harm because an organisation fails to do this, then data breach claims could be made.

If you were harmed by a data breach, please speak to one of our advisors for information on the actions you can take.

Statistics On Data Breaches

Now you may think that data breaches surely can’t be that common. After all, we expect companies and organisations to invest in their cyber-security to prevent threats from coming to fruition. Especially given the volume of data that some of them possess about us.

However, if we take a look at the latest data security statistics published by the ICO, there was a staggering 2,425 data breaches between 1st January 2021 and 31st March 2021 alone. That’s nearly 1,000 breaches per month.

The sectors most impacted by breaches of data protection were:

  1. Health – 420 data breaches
  2. Education – 342 breaches
  3. Finance – 255 data breaches
  4. Local government – 240 data breaches
  5. Retail – 233 data breaches

The top 3 causes of data breaches were:

  1. Data emailed to the wrong person – 443 breaches
  2. Phishing attacks – 249 breaches
  3. Data posted or faxed to the wrong recipient – 233 breaches

In all, human error accounted for over double the amount of breaches in comparison to cybercrime.

This just goes to show that we need to be more vigilant when it comes to handling data. Perhaps organisations should invest more in data security training to help achieve this.

Click Here To Learn How To Report A UK GDPR Data Breach

Data Breach Compensation Examples For 2022

As explained, you can seek two types of compensation for a data breach:

  • Compensation for financial losses in material damages.
  • Compensation for suffering psychologically in non-material breach compensation examples

You can make a claim for material damages to address any financial losses you

had suffered because of your data protection breach. For example, you could claim for a:

  • Loss of earnings – if you were unable to work due to the breach
  • Replacement costs – for any damaged materials or items you had to replace or repair
  • Loss through theft – If your personal information had been used to fraudulently steal money from you

You should maintain any relevant records of financial losses to use in your claim.

In order to assess an amount of compensation to award, a claim for non-material damages will look at your level of psychiatric harm. To show you how this could be awarded, we have included a table describing various levels of clinically diagnosed psychological injuries, alongside example amounts of compensation. This figures come from the 2022 edition of the Judicial College Guidelines and can help you understand how psychological injuries could be valued in a claim.

Psychiatric Damage GenerallySevere£54,830 to £115,730
Psychiatric Damage GenerallyModerately Severe£19,070 to £54,830
Psychiatric Damage GenerallyModerate£5,860 to £19,070
Psychiatric Damage GenerallyLess Severe£1,540 to £5,860
Post-Traumatic Stress DisorderSevere£59,860 to £100,670
Post-Traumatic Stress DisorderModerately Severe£23,150 to £59,860
Post-Traumatic Stress DisorderModerate£8,180 to £23,150
Post-Traumatic Stress DisorderLess Severe£3,950 to £8,180

You can seek both types of damages in a single claim, or potentially claim for psychological damage alone. This is a departure from how compensation for a data protection breach was previously awarded in the UK. Prior to 2015 you could only make a claim for being affected mentally by a breach if it was part of a claim for financial harm. This changed following the ruling in the appeals case of Vidal-Hall v Google [2015].

If you are looking for a valuation for compensation in your data breach claim, please reach out to one of our advisers. They can value your claim and give you information about common data breach compensation amounts in the UK.

Could A Data Breach Compensation Calculator Help Me?

The data breach compensation calculator table above can help give you a broad idea of what you could receive should your personal data breach claim be successful. However, the figures from the JCG are not guaranteed, and the actual amount of compensation you may receive can vary.

This is because in most examples of data breach compensation, the awarded sum is calculated based on the individual circumstances of the case, including:

  • The severity of any psychological injuries
  • How long it will take for recovery, if recovery is possible
  • How any psychological injuries affect your life
  • If you suffered financial harm, and if so, to what extent

If you choose to hire legal representation, they can help you map out what you wish to claim for, whether that be financial harm, such as damage to your credit score or fraudulent purchases made on your credit card, or psychological harm, such as anxiety and PTSD.

To help aid in this process, it can be helpful to retain any relevant financial statements, medical records or doctor’s notes. These can not only help strengthen your claim but can help give you an idea of what you could claim for.

To learn more about data breach compensation amounts in the UK, or to get a free estimation of what your claim could be worth, contact our team of advisors today. They can provide free legal advice and may be able to connect you with a solicitor from our panel.

Making A No Win No Fee Data Breach Claim

At UK Law, we believe that everybody should have access to justice. To achieve this, our panel of data breach solicitors offer all claimants the chance to pursue their claim on a No Win No Fee basis.

This is a term you’ve probably heard before. Here’s what it means:

  • You agree to pay your solicitor a small percentage of your compensation award on the condition that they achieve a successful outcome in your claim. This percentage covers their costs and is capped by law at a low level.
  • There are no upfront fees to pay, nor anything to pay while the claim is ongoing.
  • If the claim is unsuccessful, you won’t be responsible for any of your solicitor’s fees.

To learn more about No Win No Fee claims, please get in touch.

Click Here To Learn More About Working With Data Protection Solicitors

Read More Data Breach Compensation Guides

You may also find the following guides on data breach claims useful:

We hope our guide on data breach compensation amounts in the UK and other related matters has been useful for you.