Welcome to Data Breach Law.

Our site is dedicated to informing you all about data breach claims. We have a host of guides that you can browse on all manner of data breach cases, including local council data breaches and NHS data breaches, plus details on the role of the Information Commissioner’s Office (ICO) and crucially, how you can take advantage of our No Win No Fee service to make a data breach claim yourself.

data breach law

Data breach law

What Is A Data Breach?

You may have received a letter from an organisation, such as your local GP, informing you that some of your personal data may have been breached or wrongly disclosed to a third party without your consent.

A number of questions may pop into your mind, such as:

  • What is a data breach?
  • How has my private data been breached?
  • Can I claim for a data breach?
  • How much is a data breach claim worth?

Such questions are entirely understandable. On this page and other guides on our website, you’ll find the answers to all the above. However, let’s address that first question here.

A data breach is a release of private and confidential information to a third party without your consent. A data breach could arise because of a mistake, such as your local council posting a letter containing sensitive information to the wrong address, or it could arise because of a cyberattack.

Data breaches can potentially occur because the organisation affected did not take the right action to prevent such breaches. However, they can also potentially happen even if an organisation took all reasonable steps to prevent such an issue.

Given the amount of personal data that companies and organisations hold, many employees, customers and other people could potentially end up affected by a data breach if something goes wrong. Let’s look at some examples where data breach compensation could have potentially been claimed by victims for such incidents:

  • The NHS has previously been affected by a number of significant data breaches. One of them involved a leak at the 56 Dean Street Clinic. The breach occurred when the confidential HIV status of close to 800 patients was leaked in an email by mistake.
  • Another example involving the NHS occurred when the email addresses of 2,000 gender identity patients were exposed by mistake. The mistake that caused this was a simple one—a failure to include the email addresses as ‘blind copy’.
  • British Airways has been fined heavily in the past for data breaches. In 2019, the ICO fined British Airways £183m for breaches of data and a further £20m in October 2020 for failing to protect the personal and financial details of more than 400,000 of its customers.
  • The Marriott Hotel was fined £99m for failing to protect more than 300 million people’s data, which was compromised in a hack of its global database. Credit card details, passport numbers and dates of birth were all compromised.

Can I Claim For A Data Breach?

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) sit alongside each other as a regime for monitoring how a data controller and data processor use people’s personal data. Data protection law sets out their responsibility for protecting your personal data. If they breach data protection law causing your personal data to become compromised, you may be able to claim. However, you would need to prove you experienced either psychological harm or financial damage or both.

The General Data Protection Regulation (GDPR) was brought in as an EU directive. As we are no longer part of the EU, we now refer to the UK GDPR and an updated version of the DPA.

The harm a data breach can cause could be significant. You may be subject to identity theft, experience anxiety and emotional distress, as well as suffering financial losses. And these impacts can have a knock-on effect on the rest of your life, potentially impacting your working life and your relationships with family and friends. A data breach is essentially the modern-day equivalent of being robbed or burgled.

The amount of data breach compensation you receive will depend on the severity of the breach and how it impacted you.

Our expert team is on hand to discuss your case with you and offer you all of the free legal advice and support you need, with absolutely no obligation to proceed with a claim. We understand how stressful breaches of privacy may be, and know that we’re here to help you.

How Long Do I Have To Claim Data Breach Compensation?

If you have suffered due do a UK GDPR breach, compensation amounts could be awarded if you can prove that an organisation’s failings caused your personal data to be compromised leading you to experience financial loss or mental harm.

Also, you must begin claims seeking data breach compensation within a certain amount of time. Generally, you have six years to start a claim for breach of data protection compensation if it involves a private company. This time limit is reduced to one year when looking to claim compensation for a data breach against a public body.

Whilst the time limits above are generally adhered to, there are certain scenarios where they can be more flexible. If you are unsure if you are still eligible to claim for the amount of UK data breach compensation that you’re entitled to, you can contact our team for help. Feel free to reach out to our advisors here at Data Breach Law today to discuss your potential case.

Data Protection Breach Compensation Amount In The UK

If it’s established that you have the evidence to start a data breach claim, then you’ll likely have questions about how much you could receive. So, how much could be offered to you? Compensation amounts for UK GDPR data breach claims can vary a lot from case to case. The types of damages caused by one data breach incident can be very different compared to other incidents. So if you do seek data breach compensation from a UK GDPR claim or a similar claim, then it’s wise to treat it on a case-by-case basis.

When you are eligible to claim for a data breach, you may be able to seek compensation for both material and non-material damages. Material damages typically covers any loss of funds that have been directly caused by a data breach. Non-material damages may be included to compensate for any psychological harm you’ve suffered because of the data breach specifically.

To help provide some insight into potential UK GDPR breach compensation amounts, we’ve included compensation brackets in the table below. These brackets cover different psychological injuries that may be compensated for as non-material damages under a UK GDPR claim. The brackets are based on the 2022 edition of the Judicial College Guidelines. This is used to value claims in England and Wales.

Injury CoveredThe Severity Of The InjuryCompensation Bracket
General Psychiatric DamageSevere£54,830 to £115,730
General Psychiatric DamageModerately Severe£19,070 to £54,830
General Psychiatric DamageModerate£5,860 to £19,070
General Psychiatric DamageLess Severe£1,540 to £5,860
Post-Traumatic Stress DisorderSevere£59,860 to £100,670
Post-Traumatic Stress DisorderModerately Severe£23,150 to £59,860
Post-Traumatic Stress DisorderModerate£8,180 to £23,150
Post-Traumatic Stress DisorderLess Severe£3,950 to £8,180

Contact the Data Breach Law team of advisors if you would like to ask questions about UK compensation amounts for data breach claims or other related matters.

Data Protection Breach Compensation – Claim With A No Win No Fee Lawyer

When seeking UK GDPR data breach compensation, you could benefit from working with solicitors to help you prepare your claim. It is up to those seeking to start data breach claims whether they hire legal support. For data breach claims, we would always recommend hiring a solicitor who has previous experience in handling such cases. A No Win No Fee solicitor could potentially help you without you needing to pay any upfront payments.

Under this type of arrangement, you typically only pay a success fee if your solicitor helps you secure UK GDPR breach compensation. This success fee will be deducted directly from your data protection breach compensation. This is legally capped under the Conditional Fee Agreements Order 2013, so you won’t have to worry about excessive charges after your claim is settled.

Get in touch with our advisors at any time

Get Free Legal Advice Today

Our expert and friendly team are available to contact online or on the phone if you would like to discuss matters such as data protection breach compensation amounts in the UK. Our advisors can give you free legal advice and potentially other support as well if needed. If you would prefer not to proceed with a claim, there’s no obligation on your part to carry it on.

You can get in touch by:

  • Calling us on 0800 408 7827
  • Contact us with details of your case by clicking here.
  • Or you can speak to us via our live chat feature, which you can find in the bottom right corner of your screen.

You can check out more of our guides related to compensation for data protection breaches below: