Data Breach Compensation Claims Guide

By Danielle Fletcher. Last Updated 6th August 2024. In this guide, we’ll discuss data breach compensation examples and when you could make a valid claim following a breach of your personal data.

All organisations that process your personal data must adhere to the rules and regulations set out for them in the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). Failure to do so could result in a data breach that compromises your personal data. If you can prove your personal data was breached due to an organisation’s failings, and as a result of this, you suffered financial loss or mental harm, you may be eligible to make a personal data breach claim.

Within this guide, we will discuss in more depth when you could make a claim for a UK GDPR breach and the compensation that could be awarded for successful claims. Furthermore, we will share examples of how a data breach could occur and the evidence you could use to support your personal data breach claim. This guide will also explore some of the benefits of making a claim with a No Win No Fee solicitor.

To find out whether you may have an eligible claim and to receive free advice, you can contact our advisors. They are available 24/7 to help answer your questions and can be reached by:

• Calling 020 3870 4868
• Completing our ‘claim online’ form for a free callback.
• Using our live chat service.

Select A Section

1. What Is A Data Breach And When Could I Claim?
2. What Evidence Can Help A Data Breach Compensation Claim?
3. How Can Data Breaches Happen?
4. Data Breach Compensation Examples And Amounts
5. Making Data Breach Claims With A No Win No Fee Lawyer
6. Read More Data Breach Compensation Guides

What Is A Data Breach And When Could I Claim?

A data breach is a security incident that affects the integrity, security, or availability of your personal data. This is any data that can be used to identify you as a living person. As we’ve already mentioned, this data is protected by the UK GDPR and the DPA.

The two parties who process to your personal data are known as data controllers and data processors. A controller decides how to use your data, and why they need it; then, a processor follows their instructions.

Article 82 of the UK GDPR sets the eligibility requirements for data breach claims. In order to seek compensation for a data breach, you must be able to prove that:  

• The data controller or processor failed to adhere to data protection legislation, causing a breach
• This breach affected your personal data
• As a result of the compromise of your personal data, you suffered harm. This harm could be damage to your mental health, financial losses, or both. 

Please contact our advisory team today to get more information on claiming data breach compensation and to learn more about the claims process.

What Evidence Can Help A Data Breach Compensation Claim?

You could be awarded compensation for a data breach if it involved your personal information and you suffered mentally and/or financially. Providing sufficient evidence could help increase your chances of securing compensation. Some of the evidence that could be collected to support claims for a personal data breach in the UK include:

• A notice letter from the organisation responsible for the breach stating that your personal data was compromised. This letter should also state what personal information was involved in the breach, e.g., your email address and phone number.
• You could report the data breach to the Information Commissioner’s Office (ICO). They are an independent body that upholds information rights. They could investigate the breach, and their findings could be used as evidence.
• A copy of any scam emails or text messages that you may have received following the personal data breach.
• A copy of your medical records stating that you were diagnosed with a mental injury, such as anxiety, following the breach.
• A copy of your bank statements to prove any financial losses, such as money being taken from your account.

Do not hesitate to contact our advisors today to receive free legal advice regarding your claim. They could also answer questions you may have about the UK GDPR or compensation claims for a personal data breach.

How Can Data Breaches Happen?

We’ve touched upon some of the ways in which a data breach can happen. They may involve deliberate, criminal acts, or simple incidences of negligence.

Regardless of how a breach occurs, it could cause significant damage to those affected.

In this section of our guide to seeking data breach compensation, we wanted to provide you with examples of ways in which breaches can happen. Largely, they fall into two categories—those relating to cybersecurity and everything other than cybercrime-based breaches.

Cyber Security

If you’ve heard about significant data breaches in the news, it’ll most likely be the result of some form of cybercrime.

Some of the most common data breaches relating to cybersecurity involve:

• Ransomware attacks – hackers gaining access to systems and adding a layer of encryption to prevent people from gaining access. Data is often stolen too, with copies made. The ability to regain access to data, or to secure the deletion of stolen information, often involves a ransom being paid to the hackers. This is what happened with the Blackbaud hack.
• Phishing – this cybersecurity threat is on the rise. Phishing attempts involve posing as a legitimate organisation to trick people into entering their private and sensitive information. This may be a username or password, which hackers can then use to gain legitimate access to servers.
• Malware – this is an umbrella term for any type of software that’s designed to harm a computer or network.

Non-Cyber Security Or Human Error

Non-cyber security data breaches often relate to instances of human error. Some examples include:

• Private information being emailed, posted or faxed to the wrong recipient. Head here to learn more about data protection breaches involving the wrong email address.
• A failure to redact sensitive information when disclosed to third parties. Click here to learn more about data breaches involving a failure to redact.
• Incorrect or ineffective disposal of paperwork or hardware. Paperwork, in particular, should be confidentially shredded and destroyed to prevent it from getting into the wrong hands.
• The loss or theft of devices or paperwork containing sensitive information. Head here to learn more about lost device data breach claims.
• Verbal disclosure of sensitive information, such as two colleagues discussing matters within earshot of others. Head here to learn more about verbal disclosure data breach claims.

Data Breach Compensation Examples And Amounts

If you make a successful personal data breach claim, you could be awarded compensation for your material and non-material damage.

Non-material damage refers to the mental harm caused by the compromise of your personal information. For example, you may suffer with anxiety following a personal data breach.

To help value mental suffering in data breach cases, those responsible for evaluating claims may refer to the guideline compensation brackets for psychiatric injuries within the Judicial College Guidelines (JCG). This text contains a list of mental injuries alongside compensation guidelines for each.

Guideline Compensation Brackets For Non-Material Damage

In this section, we use JCG figures to look at guideline figures providing data breach compensation examples related to non-material damage.

If you’ve used a data breach compensation calculator before, this is similar, and it’s equally true that it is only a guide. Each case is different, and if you work with a solicitor from our panel, they’ll push to get you the best possible payout.

These are the JCG guideline numbers for psychological illness:

• Compensation for severe psychological damage sits in the range of £66,920 to £141,240.
• If the harm is considered moderately severe, the bracket is £23,270 to £66,920.
• For moderate psychological damage, the payout could be from £7,150 to £23,270.
• However, if the harm is deemed less severe, the compensation bracket is £1,880 to £7,150.
• If you’ve been diagnosed with a severe form of Post-Traumatic Stress Disorder (PTSD), those calculating non-material damage could refer to the JCG recommendation of £73,050 to £122,850.
• Moderately severe PTSD could attract an award of £28,250 to £73,050.
• For moderate PTSD, the range is £9,980 to £28,250.
• Finally, a less severe PTSD case could lead to a payout of £4,820 to £9,980.

All in all, compensation for a data breach could go up to £250,000 or even higher (this figure is not from the JCG) if it accounts for serious mental harm plus financial loss. Read the next section for some more information on the latter.

What Is Material Damage?

You could also be awarded data breach compensation for your material damage. This refers to the monetary losses you have experienced due to the personal data breach. Some examples could include:

• Charges being made to your credit card if this information was breached.
• Loss of earnings due to time off work because of your mental injuries caused by the personal data breach.
• Any money withdrawn from your bank account if this information was breached.

Providing evidence such as bank statements and payslips could help support your claim.

To discuss your particular case and receive a free valuation, you can contact a member of our advisory team.

Making Data Breach Claims With A No Win No Fee Lawyer

A solicitor from our panel could help you with your personal data breach claim. They have years of experience handling personal data breach claims and could help you with gathering evidence. Additionally, if one of them agrees to take on your case, they may offer to work with you on a No Win No Fee basis under the terms of a Conditional Fee Agreement (which is a type of No Win No Fee agreement).

Under this type of agreement, you won’t be asked to cover costs upfront for your solicitor’s work on your case. If your claim is not successful, you usually won’t be expected to pay your solicitor for their services. Alternatively, if your claim succeeds, your solicitor will take a success fee from the compensation awarded to you. This is a small percentage that is limited by the law.

Get in touch with our advisors if you have any questions about claiming compensation for a data breach. Our advisors can offer you free advice for your potential claim and could connect you with a solicitor from our panel.

Contact our advisors today:

• Call our free 24/7 advice line on 020 3870 4868
• Use our live chat feature.
• Or complete an online claim form for a free call back.

Read More Data Breach Compensation Guides

You may also find the following guides on data breach claims useful:

• Data Subject Rights Following A Breach Of Data Protection
• Lost Medical Records Compensation Claims In The UK
• Check Your Rights If Your Data Has Been Breached Via Email
• Learn About Data Breaches Caused By Failing To Lock Documents Away
• Debit And Credit Card Data Breaches

We hope our guide on data breach compensation amounts in the UK and other related matters has been useful for you.