When Can You Claim Compensation For A Data Breach?

This article will discuss when you could be eligible to claim compensation for a data breach. We will explain the eligibility requirements you must meet to begin this kind of claim as well as the steps you could take after a personal data breach occurs.

compensation for a data breach

When Can You Claim Compensation For A Data Breach?

As well as offering some examples of what constitutes a data breach, we will discuss the impact a breach could have. Furthermore, we will discuss how data breach compensation payouts are calculated and how they can address the ways in which a breach has affected you.

Additionally, this guide will provide information on how a data beach solicitor could help you navigate the claims process.

Read on to find out more. Alternatively, speak to our team if you have questions about the types of data breaches you could potentially seek compensation for. This consultation is free, and there is no obligation to begin a claim. Reach an advisor by:

Choose A Section

  1. When Are You Eligible To Claim Compensation For A Data Breach?
  2. Potential Compensation For A Data Breach
  3. How Could A Data Protection Breach Happen?
  4. Evidence That Could Help In Data Breach Claims
  5. Use One Of The Data Breach Solicitors From Our Panel On A No Win No Fee Basis
  6. Learn More About How To Make Data Breach Claims

When Are You Eligible To Claim Compensation For A Data Breach?

In order to claim compensation for a data breach, you must be able to show that certain entities failed to uphold the responsibilities they have to protect your personal data as established by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). You must also prove that, as a result of their failings, your personal data was breached and you experienced financial loss or emotional harm.

The entities responsible for adhering to data protection law include data controllers and data processors. A data controller is responsible for deciding on the purpose for processing. They can also process the data themselves, but may outsource this task to a data processor who acts on the behalf of the controller. If they fail to uphold their responsibilities, it could lead to a personal data breach.

According to the UK GDPR, a personal data breach is a security incident that affects the integrity, confidentiality and availability of your personal data. This particular type of data is defined as information that could be used to identify you as a living person, either in isolation or when combined with other pieces of information. Examples of personal data can include your:

  • National Insurance number
  • Name
  • Email address
  • Postal address

Additionally, another type of personal data is known as special category data which requires extra protection due to it being sensitive in nature. Examples of this include:

  • Data concerning your health, such as medical records containing information about a health condition
  • Data revealing your ethnic or racial origin

Contact our advisers if you have questions about your eligibility to claim for a data breach. Our team can be reached 24/7 using any of the methods mentioned above.

Potential Compensation For A Data Breach

Data breach compensation payouts could include compensation for non-material damage which relates to the psychological suffering you experienced as a result of the data breach. Solicitors can turn to the Judicial College Guidelines (JCG) to help them assess the compensation that could be awarded for your emotional harm. The guidelines contain bracketed compensation amounts that correspond to different types of harm.

We’ve provided a table showing some JCG entries. However, please remember that these figures are intended as guidelines only.

HarmCompensation BracketSeverityFurther Notes
(a) General Psychiatric Harm£54,830 to £115,730SevereIndividual suffers marked problems in relation to coping with life, work, and/or education. They also have a poor prognosis.
(b) General Psychiatric Harm£19,070 to £54,830Moderately SevereSignificant issues with regards to work, education and relationships. However, there is a more optimistic prognosis.
(c) General Psychiatric Harm£5,860 to £19,070Moderate Significant improvement and a good prognosis.
(d) General Psychiatric Harm£1,540 to £5,860Less SevereAward examines the length of time the individual experiences a disability and extent to which it impacts certain activities.
(a) Reactive Psychiatric Harm£59,860 to £100,670SevereEffects of a permanent nature preventing the injured individual from operating at pre-trauma levels. Every aspect of life is affected negatively.
(b) Reactive Psychiatric Harm£23,150 to £59,860Moderately SevereDistinct from the above bracket because overall prognosis is better with professional help.
(c) Reactive Psychiatric Harm£8,180 to £23,150Moderate Individual largely recovers and any continuing effects are not grossly disabling.
(d) Reactive Psychiatric Harm£3,950 to £8,180Less SevereVirtual full recovery is achieved within 1-2 years, with only minor persisting symptoms.

Claiming For Material Damage In A Data Breach Claim

In addition to receiving compensation for your mental suffering, you could receive compensation for the material damage you experience due to the data breach. Material damage could include financial losses, such as funds stolen from your bank account after a debit card data breach.

You can also use a data breach compensation calculator to estimate the award you might receive for a data breach. Alternatively, you can get in touch with an advisor and they can provide an accurate estimate of how much your claim could be worth.

How Could A Data Protection Breach Happen?

A data protection breach could happen for various reasons, including through human error and cyber security incidents. Examples could include:

  • A personal accountant could mail a copy of their client’s tax return to the wrong address, despite having the correct address on file. This could reveal sensitive tax information.
  • Your university could mass-forward an email to the wrong recipients. This could represent a university data breach if it reveals the personal data of staff or students.
  • A member of HR at a private company could disclose personal data, such as an individual’s sexuality, that they learned from reading the individual’s job application. This could represent a sexuality data breach.
  • A company fails to ensure their cyber security systems are up to date leaving them more vulnerable to cyber attacks, such as ransomware and malware incidents.

It’s important to note that not all incidents of a breach of data protection will form the basis of a valid claim. Speak to our team of advisers to discuss your eligibility to claim compensation for a data breach.

Evidence That Could Help In Data Breach Claims

Having certain pieces of evidence will help with claiming for a personal data breach. For instance, it will benefit your case if you can produce:

  • Communication between you and the entity responsible for the data breach
  • A medical assessment of the psychological harm you experienced
  • Financial evidence regarding the financial loss you experienced

A data breach solicitor may be able to help you locate and gather these pieces of evidence. They can also provide assistance with collating the information before filing the claim and ensure you put forward your claim on time. You typically have 6 years start a personal data breach claim. However, if you are claiming against a public body, this limit is reduced to 1 year.

Speak to our advisers if you’d like more information about the services that may be offered by data breach solicitors on a No Win No Fee basis.

Use One Of The Data Breach Solicitors From Our Panel On A No Win No Fee Basis

Though you don’t need legal representation to start a claim, solicitors with experience handling data breach claims can provide a great deal of insight into the process. As mentioned above, they can assist with the process of gathering and collating important evidence while also ensuring the claim begins within the required time limit.

Additionally, the data breach solicitors on our panel may be able to offer their services under a type of No Win No Fee agreement called a Conditional Fee Agreement (CFA). You can avoid paying upfront fees or ongoing charges for their services if you work with them under these terms.

More importantly, you generally don’t have to pay for their services if your claim fails. Instead, your solicitor would take a success fee at the end of the process, which is taken from your award. The CFA applies a cap to this fee, so you can receive the majority of your compensation.

To find out more about the process of claiming compensation for a data breach, contact our advisers. They can answer your questions during a free consultation as well as provide insight into your eligibility to begin a claim. Learn more by:

Learn More About How To Make Data Breach Claims

More guides we’ve written:

Related information:

  • Data Breaches – Guidance from the National Cyber Security Centre (NCSC) about data breaches
  • Report A Breach – Information from the Information Commissioner’s Office about how to report a suspected data breach
  • Make A Complaint – Government information about what to do if you think your data is being misused or stored improperly

Thank you for reading this article about claiming compensation for a data breach. If you still have questions, speak to our team using one of the methods mentioned above.

Writer Morgan Feather

Editor Meg Moon