We've been featured in:

How Much Compensation Will I Get For A Data Breach?

By Cat Way. Last Updated March 2024. Throughout this helpful guide, we will explore compensation for a data breach, including who is eligible to claim, and how much you could receive. Generally, personal data breach claims are made up of two potential heads of compensation, which we will go into more detail about later on in the article.

compensation for a data breach

A guide to claiming compensation for a personal data breach

Not only could a personal data breach cause financial harm, but it can also have a significant impact on your mental wellbeing. If you have experienced financial or psychological harm following a personal data breach that was caused by an organisation’s failings, you may be eligible to claim compensation.

Our advisors can provide free and helpful legal advice, and they can tell you if you could have a valid claim. If you do, they can tell you how one of our personal data breach solicitors could guide you through the claims process.

To contact us:

 Select A Section

  1. What Is Personal Data?
  2. When Could You Claim Compensation For A Data Breach?
  3. Time Limits To Claim Compensation For A Data Breach
  4. What Types Of Compensation Could You Claim For A Data Breach?
  5. How Much Compensation Will I Get For A Data Breach in the UK?
  6. No Win No Fee Data Breach Compensation Claims

What Is Personal Data?

Two key pieces of legislation help protect data security in the UK. These are the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). This legislation gives you certain rights surrounding how your data is collected and processed. Additionally, it holds the data processor and data controller accountable should a breach occur. A data controller decides how and why your personal data is used, while a data processor acts on this on behalf of the controller.  

A data security issue that means the loss, destruction, theft, alteration, disclosure or access of personal information either accidently or unlawfully demonstrates a personal data breach.

Personal data is any information that could, either alone or with other information, be used to identify you. This can include your name, postal address or credit card and debit card details

Special category data is a type of personal data that requires extra protection under the UK GDPR, and can include:

  • Medical records and health information
  • Genetic and biometric information
  • Ethnic or racial background
  • Political beliefs
  • Trade union membership

Contact our advisors to learn more about personal and special category data, and how it could affect your potential data breach compensation.

When Could You Claim Compensation For A Data Breach?

The UK GDPR grants you the right to compensation for a personal data breach. Eligibility criteria applies, which is also set out in the legislation and includes:

  • The breach must have been a result of the data controller or processor’s failings
  • You suffered either financially or mentally as a result of the breach
  • The breach included your personal data

For example, a personal data breach may occur as a result of:

  • Human error: Verbal disclosure could occur, for example, if staff members are discussing a client, customer or patient in a publicly accessible area. Staff could be trained to not discuss personal data. 
  • Lost or stolen paperwork: This could result in unauthorised access to personal data. This could be avoided if staff are trained to keep paperwork secure. 
  • Failure to use a BCC: Staff responsible for sending outside emails should be trained in the correct use of the blind carbon copy (BCC) and carbon copy (CC) features, as BCC allows emails to be sent to multiple recipients without revealing email addresses.

Our advisors can give you more information on when you could claim for a personal data breach and if you could be eligible to receive compensation when you get in touch today.

Time Limits To Claim Compensation For A Data Breach

If you decide to seek compensation for a data breach, you must do so within the time limit. You have six years to start your claim if claiming against a private company, but this becomes one year if claiming against a public body.

If you report the breach to the Information Commissioner’s Office (ICO), this could help support your claim. The ICO was set up to help enforce data security law, and can issue fines upon organisations found to be in breach of data protection legislation.

To learn about how time limits may affect your potential compensation claim, contact our team today.

What Types Of Compensation Could You Claim For A Data Breach?

Two heads could make up data breach compensation. Material damages address any financial losses caused by the breach. For example, illegal withdrawals from your bank account, or identity theft resulting in damage to your credit score. Whereas non-material damages compensate for any emotional distress, such as anxiety or post-traumatic stress disorder.

The Court of Appeal ruling in Vidal-Hall and others v. Google Inc. (2015) means that you can claim for non-material damages without claiming for material damages at the same time. Prior to this case, you were only able to claim compensation for emotional distress in a personal data breach if you also claimed for financial losses. 

If you are claiming under the material damages head, you must be able to prove your losses. For example, you could use bank statements to prove financial damages.

Talk to our advisors to discuss any questions you may have about claiming compensation.

How Much Compensation Will I Get For A Data Breach In The UK?

As previously stated, two heads could make up your compensation for a data breach. In this section, we will explore how much you could potentially receive in non-material damages should your claim succeed.

When legal professionals in England and Wales assign value to personal data breach claims, they now refer to the Judicial College Guidelines (JCG). 

Some examples of what you could potentially receive in terms of non-material damages can be found in the table below.

Edit
Injury Severity Potential Compensation Notes
PTSD Severe (a) £59,860 to £100,670 All areas of life are badly impacted from permanent inability to function at the same levels as prior to the trauma.
PTSD Moderately severe (b) £23,150 to £59,860 The claimant may make some recovery with the help of a professional, however they will experience significant disability for the foreseeable future.
PTSD Moderate (c) £8,180 to £23,150 A recovery has largely occurred, however, some symptoms that are not grossly disabling may remain.
PTSD Less severe (d) £3,950 to £8,180 Some minor symptoms may linger beyond 1-2 years but there’s been virtually a full recovery.
Psychiatric Damage Severe (a) £54,830 to £115,730 This injury impacts the claimant’s ability to cope with life and relationships. The prognosis is very poor.
Psychiatric Damage Moderately severe (b) £19,070 to £54,830 Significant problems with life and relationships are experienced, but the prognosis is more optimistic than seen in a severe psychiatric injury.
Psychiatric Damage Moderate (c) £5,860 to £19,070 The injury causes problems with life and relationships, but the claimant’s mental state’s improves with a good prognosis.
Psychiatric Damage Less severe (d) £1,540 to £5,860 The claimant experiences a period of disability which impacts their day-to-day activities and sleep.

These are only guideline figures, and the actual amount you may receive can differ. To get a free estimation of what you could receive in compensation for a data breach, contact our team of advisors today.

No Win No Fee Data Breach Compensation Claims

If you are interested in starting a claim for data breach compensation, one of our No Win No Fee solicitors may be able to help. A solicitor can help you gather evidence to strengthen your personal data breach claim and can provide more insight into how much compensation you could get for a data breach. They can also ensure that your claim is filed in full and within the relevant time limit.

Our solicitors offer their services under a kind of No Win No Fee arrangement known as a Conditional Fee Agreement (CFA). This means that you won’t be asked to pay any upfront or ongoing fees to your solicitor in order for them to work on your case. Likewise, you won’t pay for their services if your claim fails.

Should your claim succeed, your solicitor will be paid a success fee which is taken directly from your compensation. This is taken as a small percentage with a legal cap. Under a CFA, this cap is 25%.

Our advisors are on hand to help. Through a free consultation, they can tell you whether you could be entitled to make a claim and could potentially connect you with one of our solicitors. To get started:

Related Articles

The following links might be helpful:

Further data breach guides:

Thank you for reading our guide on data breach compensation.