By Stephen Dallas. Last Updated 10th January 2023. If you have been the victim of a data breach and the organisation storing your data was responsible, you might be entitled to data breach compensation.
Whether the data was breached as a result of a hack, a cyber-attack, a deliberate breach of the terms of data collection or through human error, you could be entitled to make a data breach claim. It’s possible to experience financial damage as a result of a breach, or emotional distress, anxiety or depression, depending on the circumstances.
I’ve Suffered A Data Breach, Could I Claim Compensation?
If you believe that you have been the victim of a data breach, then you should consider both reading this guide and getting in touch with our team of experts. Not only can we provide you with free legal advice, but we can also connect you with our panel of lawyers to start a data breach compensation claim.
You can reach us in any of the following ways:
- By calling 0800 408 7827
- Writing to us via our contact page here
- Or chat with our advisers now using our live chat feature
On this page
- Our Guide To Data Breach Compensation Claims
- What Is A Data Breach?
- The Types Of Information Protected By The Data Protection Act
- What Could Be The Causes & Impacts Of A Data Breach?
- Data Protection Rights For Individuals
- Data Protection Obligations For Organisations
- Who Could Your Claim Be Made Against?
- What To Do If You Are A Victim Of A Data Breach
- How Much Compensation For A Data Breach?
- Could I Claim With No Win No Fee Data Breach Solicitors?
- Contact A Data Breach Solicitor
- Useful Information On Data Breach Compensation Claims
In this guide and in other guide pages that you can find on our website, you can learn about data breach law and what you can do about seeking compensation if you have been the victim of a data breach.
To do this, we are going to try to clear up some of the information about data breaches that you may have questions about. Also, we’ll explain what data breaches are, what can cause them to occur and what their effects can be.
We will explain how and when you could be entitled to make a data breach claim by explaining what a third party’s data protection obligations are, and we’ll show you some examples of how these obligations could be breached.
The process of making a data breach claim, like what steps you could take to gather some evidence, is also covered further on in this guide. We’ll address how the data breach compensation you could be entitled to would be calculated and how you could reduce the financial risk of pursuing compensation by making a No Win No Fee data breach claim.
The time limit for making a data breach claim is six years from the date you obtained knowledge of the breach. The time limit is just one year if you wished to launch the claim on the grounds that the data breach constituted a violation of your human rights.
For more information, please get in touch on the number at the top of this page.
A data breach is any instance in which a person’s personal data or information is unlawfully destroyed, altered, lost, shared, disclosed, accessed or misused.
A data breach could occur either deliberately, accidentally or due to the actions of another party.
An organisation could be liable for a data breach claim if the information has been breached in any of these ways whether it was on purpose, by accident or even without their knowledge.
The General Data Protection Regulation (GDPR), enshrined in UK law by the Data Protection Act 2018, protects all data that might be stored by a company or an organisation that you share data with. The different types of personal information that are covered under the Data Protection Act include:
- Name, contact details and addresses
- Criminal records
- Medical records
- Employment details and history
- Financial details and history
- Confidential personal information
Because the rules of data protection are strict, and because the different kinds of data that can be collected and stored are so varied, there are many different ways in which a person’s personal details could be breached. It also means that the potential impact of a data breach could also come in many different forms as well.
Below, we’ll look at different ways a breach could happen.
What Could Cause A Breach In Data Protection?
Some of the different ways in which a company could breach your data, or allow your data to be breached include:
- The sale or exchange of your data with other third parties
- Destruction or loss of your data
- Failure to delete data after it has served its purpose
- Using data for purposes not stated when it was provided (i.e. marketing)
- Failure to secure the data and protect it from theft or access
- Failing to update personal information where appropriate
What Could Be The Impact Of A Data Breach On Someone?
A data breach could potentially cause a wide variety of situations to arise, depending on the circumstances of the breach. Some of the consequences of having personal data breached could include:
- Identity theft
- Monetary loss through financial theft
- Emotional distress and mental health concerns stemming from fear of the consequences of the data breach
- Discrimination due to information released by the data breach
- The harassment caused by disclosure of personal details released by a data breach
- Damage to the victim’s reputation as a result of information disclosed by the data breach
- Loss of confidentiality and anonymity
Because there is such potential danger associated with a data breach, the laws are clear about the obligations that organisations have to protect the personal information of the data subject—in other words, the person whose data has been stored.
In this section, we’ll look at some of these rights.
What Is The Data Protection Act And UK GDPR?
The privacy and security of your personal data are protected by The Data Protection Act 2018, which is the UK government’s implementation of the General Data Protection Regulation.
The Data Protection Act 2018 outlines some of the following principles that bodies storing people’s personal data have to uphold.
- The data must be collected and used lawfully, fairly and transparently
- The data must be used only for the explicitly stated purposes
- It should also only be used for what is necessary
- The data must be accurate and kept up to date
- The data must be deleted or disposed of securely when its purpose has been met
- It should also be kept securely, with all reasonable measures being implemented to ensure its security.
There are even stricter laws around the protection of personal data surrounding the data subjects protected identities, such as their race, gender, sexuality, gender identity, disability, age, marital status, parental status, religion and nationality in order to prevent possible discrimination and harassment. You can read more about the Data Protection Act 2018 on this government page.
Your Rights As A Data Subject
When you consent to have your data stored by a third party you have fairly extensive rights over how the information is collected, stored and used. Below are some of the rights you have as a data subject that is outlined in legislation:
- The right to be informed when or if your data is being collected and stored
- Access to your data if it is being collected and stored
- The right to have inaccurate data corrected
- The right to have your data scrubbed
- Restrictions can be applied to the processing of your data
- The right to use the data for other purposes
- The right to withdraw your consent to the collection, storage, processing and use of your data at any point in the process.
If you believe that a third party has denied you any of these rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO).
In this section, we will go over some of the specific obligations that companies, organisations and data controller officers have over the security and protection of those whose data is being processed and stored.
What Is A Data Controller?
A data controller is a person or organisation which is responsible for making the decisions about the methods of processing the data of other people, and it therefore responsible for ensuring compliance with the UK GDPR and the Data Protection Act 2018.
This includes ensuring the security of the data, ensuring the rights of the data subject, and informing the data subject of any breaches should they occur. You can find out more about the roles and responsibilities of a data controller on the ICO website.
How To Find Out If Your Data Has Been Breached
One of the responsibilities outlined in the UK GDPR and the Data Protection Act 2018 for organisations is to inform people as soon as they become aware that their data has been breached.
As well as informing the data subject of the breach, they should also provide them with information on what risks could occur as a result of the breach, what steps are being taken to prevent similar breaches in the future, and the contact details of the organisation’s data protection officer(s).
If you believe your data may have been breached without the organisation informing you of it, you should contact them directly to enquire about the issue. You should also seek legal advice, from our team for example, for information on what to do if you believe that an organisation has withheld information about a data breach concerning your data.
Our team can assess your case and inform you whether or not you could have grounds for taking legal action in the form of a claim for data breach compensation.
Almost any organisation that is responsible for handling people’s personal data could be held liable for a data breach if it is found that they violated the UK GDPR or the Data Protection Act 2018.
Some examples of organisations that data breach claims could be made against include:
- Employers for a workplace data breach
- A bank for a banking data breach
- A school, university or an academy for an education data breach
- The government for a government data breach
- The NHS or private healthcare provider for a medical data breach
- A local council for a local authority data breach
- A shop for a retail data breach
- The NHS or contracted companies for a track and trace data breach
- A police force for a police data breach
If you have been a victim of a data breach and you would like information on whether you could be entitled to make a claim against the organisation, call our team for free legal advice. They can also possibly advise on other related queries such as compensation amounts for UK GDPR breaches.
If you have been informed that your data has been breached or if you believe that your data has been breached, then your first step should be to contact the organisation that is responsible for your data.
You should also contact your bank if you believe that information concerning your financial details has been breached. It is also advisable to make changes to your passwords.
You could make a complaint to the ICO, however, this is not necessary. If you have been affected by a data breach and have received no satisfactory reply from the company responsible, you should seek the advice of a legal expert. You can find the contact details of our team at the top or bottom of this page.
How Long Do I Have To Claim Compensation For A Data Protection Breach?
If you are eligible to claim compensation for a data protection breach, it’s important that you start your claim within the statutory time limits set out in the Limitation Act 1980. Usually, this is six years from the date the breach occurred when you claim against a non-public body.
However, data breach claims must be started within 1 year if being made against a public body. We would always advise beginning your claim as soon as possible.
Get in touch to find out if you are within your time limit to claim and how data breach compensation amounts in the UK are calculated.
Do you wonder, ‘how much compensation for a data breach can I get?’. There are two different heads of claim that you may receive for data protection breach compensation:
- Material damage is any financial harm or loss you have incurred because of a personal data breach.
- Non-material damage is any mental harm you may have suffered because of a personal data breach.
To provide some insight for those seeking examples of data breach compensation, we have included compensation brackets featured in the 16th edition of the Judicial College Guidelines (JCG) within the table below. These can give you an estimate of what non-material damage you could receive for non-material damage. The figures in the JCG are based on settlements awarded in previous court rulings.
|Severe Psychiatric Damage||£54,830 to £115,730||Your life is badly affected, including your ability to work.|
|Moderately Severe Psychiatric Damage||£19,070 to £54,830||Whether medical help has been sought influences the award in this bracket.|
|Moderate Psychiatric Damage||£5,860 to £19,070||The prognosis is good.|
|Less Severe Psychiatric Damage||£1,540 to £5,860||You may be unable to sleep.|
|Severe PTSD||£59,860 to £100,670||Every aspect of your life is badly affected.|
|Moderately Severe PTSD||£23,150 to £59,860||The prognosis is better with professional help.|
|Moderate PTSD||£8,180 to £23,150||Any ongoing effects are not grossly disabling.|
|Less severe PTSD||£3,950 to £8,180||Minor symptoms persist after a year or two.|
Please note that the figures above are intended to be used as guidelines only. For a more accurate valuation of your claim, please get in touch with our advisors. If you have grounds to make a claim, they could potentially provide a more specific estimate amount for UK data protection breach compensation based on the circumstances of your case.
Could A Data Breach Compensation Calculator Help Me?
If you’re making a claim, it’s natural to want to know the answer to questions such as “how much compensation will I get for a data breach?”
As we’ve mentioned in previous sections, there are two types of damage that you can claim for—material and non-material. We’ve provided some guideline figures in the table above relating to the potential distress caused by a breach.
You may also be wondering whether a data breach compensation calculator tool could provide you with a more precise estimate.
What we’d like to advise is that such tools can only provide you with a general estimate, just like what we’ve provided you with above. They’re unable to account for the specific damage you’ve suffered.
To get the best idea of how much your case could be worth you need to speak to a data breach solicitor, such as those on our specialist panel of lawyers.
With their experience and knowledge, they can assess the evidence you’re able to provide to work out if your case has a good chance of success. They’ll also determine the severity of the damage suffered. They do this with the help of medical reports which can be obtained as part of the claims process.
So, while there’s no harm in using a compensation calculator, the better option would be to speak to a claims advisor or data breach solicitor directly. Get in touch with us today to do just that.
If you are considering making a claim over the data breach you have experienced, you may be wondering about how much money it would cost to take on a solicitor. The answer, potentially, is nothing.
If you make a No Win No Fee claim then you will not be charged for the legal fees of your case if it is unsuccessful and you do not receive compensation. Similarly, you won’t be charged any upfront or ongoing fees either.
If you win, the compensation awarded will be used to pay the lawyer. They’ll deduct a small portion of the total amount, which is capped by law.
A No Win No Fee claim is much less of a financial risk than other methods of starting a claim. It means you do not have to risk your money if you lose the claim and also means that you will not have the value of your claim nullified by the costs of paying a lawyer. If a lawyer agrees to take on your case on a No Win No Fee basis, it could be a good sign that they are confident of its chances of success.
If you would like to speak to an advisor about your data breach claim and its potential to succeed, or any other related matters, you can do so via the following methods:
- By calling 0800 408 7827
- Writing to us via our contact page here
- Request a callback using the form available around the top of this page or other pages on our site
We hope that reading this guide to claiming data breach compensation has been helpful for you. In this last section of our guide, we’ve included some other resources that you may find useful.
You can check out more of our guides below:
- An Overview Of Data Breach Compensation
- Data Breach FAQs – Frequently Asked Questions
- How To Use A Data Breach Compensation Calculator
- Payouts For Mortgage Broker Data Breach Claims
- How To Report A Data Breach
- How To Claim For A Medical Conditions Data Breach
- Payouts For Debt And Arrears Data Breach Claims
- Can I Claim Compensation For A Data Breach?
- How To Claim For A Disciplinary Information Data Breach
- Children In Care Data Breach Claims
- A Guide To Police Data Breach Claims
- Trade Union Membership Data Breach Claims
- How To Claim For A Tax Information Data Breach
- Credit Score Data Breach Claims
- No Win No Fee Data Breach Claims Explained
- Can I Claim For A Disciplinary Records Data Breach?
- What Is A Data Protection Breach?
- Can I Claim For An Accountant Data Breach?
- Medical Records Data Breach Claims Explained
- NHS Data Breach Compensation Claims Guide
- Could I Claim For A Sexuality Data Breach?