Make A Data Breach Compensation Claim Today
Data breach law is a fast evolving area and the number of compensation claims are rising. If you’ve been impacted by a UK GDPR breach, we can help you.
- Compensation Payouts Of Up To £10,000+
- 100% NO WIN NO FEE
Key facts
DataBreachClaims.org.uk has handled over
5,000
enquiries for data breach claims
To begin a data breach claim today, call us on 020 8050 3051
START YOUR CLAIMWhy Choose Data Breach Claims
No Win No Fee
We offer a 100% No Win No Fee service
Specialist Advice
Not all solicitors can help with data breach claims due to their complex nature. Our team is made up of specialists in this field.
Get A Case Check In Minutes
In our quick consultation, we can advise you as to whether or not you can pursue data breach compensation
No Risks For You
You can check if you can claim with no obligation to proceed. Simply get advice and learn about your legal options
Get The Compensation And Justice You Deserve
We leave no stone unturned to ensure you’re fully compensated
Have you been notified of a data breach? check if you can claim here
Eligibility Checker >You can also call us for free on 020 8050 3051
Lines open 24/7
Key figures…
DataBreachClaims.org.uk has
handled over
5,000
Data breach compensation claim enquiries
The Most Common Data Breaches We Help With
We can help with all types of data breach claims, but some of the most common that we see include:
- Bank data breaches
- Medical data breaches
- Breaches by police forces
- Data breaches caused by FOI requests
- Social services data breaches
You can also speak with our panel of data breach solicitors for on 020 8050 3051
What Is A Data Breach?
A data breach is an incident where your personal or sensitive information is changed, lost, disclosed, accessed or destroyed without your permission or a lawful reason.
Personal data or personal information is anything that can directly identify you or identify you in combination with other information. For example, your name, email address or bank details would be personal data.
Sensitive data includes the likes of your race, religion or biometric data.
The General Data Protection Regulation (UK GDPR) was enacted into British law in 2018 alongside an amended version of the Data Protection Act 2018 (DPA). It states that organisations that process personal information should protect it.
If they fail to do so, you could make a data breach compensation claim. We look at the criteria to make a claim in the section below.
How Common Are Data Breaches?
Data breaches are on the rise, and they’re impacting a range of different sectors. To give you an idea, we can look at our own case study on council data breaches.
Recently, we conducted our own first-hand research into the number of local council data breaches, which you can read here. Our statistics show that there has been a significant rise in the number of breaches at councils and the number of compensation claims made against them as a result.
For example, Devon County Council recorded just 8 data breach incidents between 2021/22. That then rose to 38 the following year. 45 data breaches were then logged between 2023 and March 2024. This works out as an increase of 463% over the last three years.
The same is true for other councils, with Essex County Council, for example, seeing a rise of 198%.
Can I Make A Data Breach Claim?
In order to make a data breach claim, some form of wrongful conduct on the part of the data controller or data processor must have occurred.
You must also have suffered some kind of damage, known as material or non-material damage. The latter relates to the psychological impact the data breach has had, such as causing you distress or worry. Material damage relates to the financial impact the data breach has had.
You could potentially use the services of a solicitor to claim data breach compensation, providing the breach exposed your personal information and you suffered financially or mentally as a consequence.
You can contact us here at Data Breach Claims UK to learn more about your legal rights, as well as to commence the process of making a claim for GDPR breach compensation.
Want To make a data breach claim?
Eligibility Checker >You can also call us on 020 8050 3051
Our lines are open 24/7
How Long Do I Have To Make A Data Breach Compensation Claim?
If you’re claiming against a private company, such as a hotel or bank, the time limit could be 6 years.
However, if your data breach is against a public body, such as the local council or the police, you could have just 1 year to take action.
The data breach claim time limit can vary, however, so it’s always best to speak with someone. Getting the date wrong could see you prevented from making a claim altogether.
Recent Data Breaches We Can Help With
In the last few years there have been some significant data breaches that have impacted hundreds of thousands of people.
Below, you can find a table with a breakdown of some of the current data breach claims we’re helping with. In some cases, we’re representing hundreds of claimants, and we can help you too.
Case | How Many People Were Affected? |
---|---|
Southern Water | Up to 470,000 |
South Staffordshire Water | 200,000+ |
Capita/USS Pensions | 500,000+ |
Blackbaud | 100,000+ |
In many of these cases, the data breach happened due to a cyber attack. If your personal data was affected you should have received a data breach notification letter or email. If you haven’t, you can check with the company and ask them for confirmation.
If you’ve been impacted by any of these cases, please get in touch today for free advice.
Examples Of Data Breaches You Could Claim Compensation For
It’s possible to make a UK GDPR breach compensation claim if your personal data has been compromised.
Your personal data is any information that can help identify you, either on its own or when it’s combined with certain other information. Your name, home address, phone number and email address are some examples of personal data.
Data breaches can involve many types of information and can occur in different ways. Examples of potential incidents that may lead to data breach claims include the following:
- A letter is sent to the wrong postal address – If a letter containing personal information is delivered to an incorrect address, despite you updating it with the organisation, someone unauthorised could access your personal information.
- Failure to redact personal information in publications – If a leaflet is sent out to people’s addresses containing your personal information without a lawful reason, you could be exposed to potential financial harm and may experience psychological harm such as stress to.
- Failure to use BCC correctly in emails – The BCC field in emails means that recipients can’t see who else the email has been sent to. If an email about a health condition is sent out and the BCC isn’t used correctly, then people who suffer from the health condition may be exposed without their consent or another lawful reason.
- Email sent to the wrong recipient – If an organisation sends an email containing personal information to the wrong person without a lawful reason, it could be accessed.
- Your medical records are lost – If, for example, your GP leaves your medical records in their car and the car gets stolen, you may be eligible to claim for this unlawful loss of data.
- Social services data breaches – If, for example, you’ve relocated due to threats to your safety from an ex-partner, and social services disclose your new address, you may have valid grounds to claim.
Please get in touch with our advisors today to discuss whether you’re eligible to claim compensation for a breach of data protection. We can also advise on more examples of data breaches and what you may be able to claim if you’ve been affected by a personal data breach.
How Much Compensation Will I Get For A Data Breach?
Data breach compensation payouts can consist of two types of damage: financial damage (known as material damage) and psychological damage (known as non-material damage).
Let’s look at material damage first.
Can I Claim Back Money Lost Due To A Data Breach?
In some cases, your finances may suffer because of a data breach. You may experience stress due to the breach which could see you have to take time off work. Some companies don’t offer sick pay, so if you lose money you could get this money back as part of your data breach compensation claim.
It’s also possible to claim back the costs of any counselling or therapy you’ve paid for to help you cope with the stress of the situation.
In order to successfully recover these fees, it’s best to keep a record of all of your costs and expenses.
How Much Could You Sue A Company For A Data Breach?
We often get asked about average payouts, but the reality is that how much compensation you get for a data breach can vary from case to case. It all depends on the impact the incident has had on the individual. However, here’s a quick breakdown:
- As a general guide, straightforward cases where the impact is minor could receive between £1,000 and up to £25,000. This could be in cases where your name, address, and email address have been shared.
- More serious cases with financial losses as well as serious psychiatric damage too could see compensation settlements exceed £25,000. This could involve cases where sensitive data has been exposed and the impact is severe.
How Much GDPR Breach Compensation Could I Get For Distress?
Non-material damage compensates for the mental harm you’ve experienced due to the data breach. An example of this could be acute distress, anxiety or a worsening of pre-existing depression.
It’s possible to get an idea of how much you could receive for a data breach by looking at a document called the Judicial College Guidelines. This is a publication that data breach solicitors use to help them value injuries.
Data Breach Compensation Examples
While there is no average payout for a data breach due to every case being unique, it’s possible to provide you with some data breach compensation examples to give you an idea of what you could receive.
This compensation table contains the latest available figures (published in 2024). They only offer guidance, however, and settlements may vary from case to case. Please note that the figure in the top row was not taken from these guidelines. We’ve included it to show you how you could be compensated for financial losses in addition to severe psychiatric harm.
Injury | Severity | Guideline Compensation |
---|---|---|
Financial Losses and Injuries | Very Serious - Settlements could compensate for very severe psychological distress along with financial losses, such as relocation costs. | Up to £500,000+ |
Psychiatric Damage | Severe - in cases where the data breach has a permanent negative impact on a person's day to day life and work | £66,920 to £141,240 |
Moderately Severe - similar symptoms to severe cases but with a better chance of a recovery | £23,270 to £66,920 | |
Moderate - symptoms may not be as severe and the chances of recovery are positive | £7,150 to £23,270 | |
Less Severe | £1,880 to £7,150 | |
Post-Traumatic Stress Disorder (PTSD) | Severe - these types of cases will involve permanent impacts that badly affect every aspect of a person's life | £73,050 to £122,850 |
Moderately Severe - the difference between this and Severe cases is the better chance of recovery | £28,250 to £73,050 | |
Moderate - significant symptoms but with a good recovery | £9,980 to £28,250 | |
Less Severe - in cases where a full recovery can be made within a couple of years | £4,820 to £9,980 |
So for instance, if your social services incorrectly record your data, causing you to lose custody of your children, this may cause distress that may have an permanent impact on your life. If you’re unable to work again and if your day to day life is disrupted, you could receive between £66,920 to £141,240.
If you’d like more help calculating your potential data breach compensation payout, please get in touch. We offer free advice to everyone who calls.
Do I Need To Report A Data Breach To The ICO In Order To Claim?
A question we often get asked is whether or not you need to report a data breach to the ICO in order to make a compensation claim. The short answer is no.
However, when it comes to reporting a data breach, claims can get a real boost if you report the incident to the organisation you think is responsible—that is if they haven’t already sent you a letter or email notifying you that your data has been impacted in a breach.
In making this complaint with the company, they provide you with written confirmation that you are affected, which confirms to a solicitor that you could have valid grounds to pursue compensation.
If you make a complaint to the organisation but they haven’t responded within around 3 months, the ICO then recommends that you submit a complaint to them directly.
They will then investigate and provide you with a meaningful response which you can then take to a solicitor to hopefully obtain legal representation.
If you need any help or support with the reporting of a data breach, or if you’d like to make a claim, get in touch. Our helpline, found at the top of this page, is open 24 hours a day to ensure you get the advice and representation you need.
What Evidence Do I Need To Make A Data Breach Claim?
Supporting evidence usually plays an important role in settling a claim for your data breach damages. When possible, you should collect and maintain any relevant documents or materials that can act as:
- Evidence of the breach
- Evidence of the harm you have suffered.
Evidence of the breach in your claim can come in the form of:
- Screenshots, photos, or similar evidence showing the exposure or misuse of your personal information
- Emails, or similar correspondence with the organisation, wherein they admit to the breach
Evidence of the harm the breach caused, which can be:
- Financial records of any losses that may have occurred because of the breach
- A medical diagnosis of the psychological injury the breach may have led to you suffering, such as anxiety or stress.
Data breach lawyers can not only advise you on evidence to collect in your claim but could also request it on your behalf or help arrange relevant appointments for you. If you are looking for help with evidence in your claim, please reach out to one of our advisers.
What Is The Data Breach Claims Process Like?
When claiming compensation for data protection breaches, the process is much like any other type of claim. Once you are able to set up your case with your data breach solicitor (assuming you hired one) and they have all of the evidence available, they will begin their investigations.
It’s likely that your data breach lawyer will present your case to the defendant by sending them a letter of claim. This sets out your case, explaining the impact the breach has had and inviting them to settle.
The defendant will then spend some time investigating the case themselves. In straightforward data breach claims, they may already be aware of their liabilities so could make an early offer of settlement.
However, if you’re still suffering from the impact of the data breach, such as feeling distressed or anxious, it may not be in your best interests to resolve the case so soon.
Your solicitor will likely arrange for you to be medically examined by an independent expert. They will assess your condition and produce a report which your solicitor will use to determine just how much data breach compensation you could be entitled to.
If they have strong evidence that supports your case, your solicitor should be able to negotiate a settlement on your behalf. If you still have any questions about data breach claims process, please contact our team of advisors.
Connect With A No Win No Fee Data Breach Solicitor Today
Our panel of No Win No Fee solicitors can support valid data breach claims under what’s called a Conditional Fee Agreement (CFA). There are various benefits to making a data breach compensation claim with the support of a No Win No Fee solicitor.
One main benefit is that you usually don’t need to pay for the services that your data breach solicitor has provided if your claim fails. Also, you wouldn’t be charged an upfront fee or ongoing costs during the course of your claim.
If your claim is successful, then you would pay your data breach solicitor a success fee. This means a small and legally capped percentage of the awarded compensation is taken by the solicitor. The legal cap ensures that you’ll keep most of your compensation.
To learn if you’re eligible to make a claim for data breach compensation, or to ask questions about working with a No Win No Fee solicitor, please contact us for free using the details above.
Learn More About Data Breach Claims
Below, you can find more information and guides on making a claim for a data breach:
- For Organisations: You can find out more information about how organisations can protect people’s personal data on this page.
- Your Data Matters: This page includes information on how the ICO has worked to prevent data breaches.
- Post-Traumatic Stress Disorder (PTSD): If you’re suffering from PTSD, this NHS guide includes important information.
Check out more of our guides below:
- How to claim compensation for a data breach
- How to find No Win No Fee data breach solicitors
- What should I do if my data is breached?
- To learn more about the legalities of information being shared without your consent, head here. You can learn more about your rights and what you can do.
- If you’d like to learn more about how to sue someone for disclosing your personal information, see this guide.
- For more information on the types of personal data that could be exposed in a breach and what you can do to protect it, head here.
- If you want to learn more about what a data breach is, head here. You can find definitions, advice, and details on the likes of notification letters.
- If you’ve had a credit card data breach, you can find out lots of useful information in our comprehensive guide here.
- After a data protection breach at work you could be entitled to compensation if you can show it was your employers’ fault. This guide offers lots of useful information on what you can do, as well as your legal rights after a data breach.
We hope that this page on data breach law and claiming compensation for a breach of data protection has been helpful. For more information, you can read more of our guides on data breach claims or you can get in contact with our team for further help.
Have any of the following every happened to you?
If any of the below scenarios sound familiar, you could make a data breach compensation claim:
- Your personal information was stolen, hacked or lost.
- Your personal or sensitive data was made public.
- Your data was stored with inaccuracies or is outdated.
- Your private data was subjected to disclosure that you did not consent to.
- Your personal information wasn’t deleted within specified time frames.
- Your data was breached due to a disclosure with malicious intent.
- Your data was not used in the way that you consented to.
- Your personal information was used to committ fraud, such as taking out credit in your name.
You can also speak with us on 020 8050 3051
Frequently Asked Questions (FAQs) On Data Breach Compensation Claims
What should I do if my data is breached?
It’s important to first find out what information has been exposed. You can do this by contacting the responsible organisation or by reviewing a data breach notification letter or email you may have received.
If your financial data has been compromised, you should speak with your bank. They can help you take steps to secure your information.
If you’re concerned, worried or stressed about your personal information being exposed, it’s vital to keep a sharp eye out. Watch for suspicious calls, texts or emails.
You can also seek legal advice on your position. You could be entitled to significant compensation.
How Long Do Data Breach Claims Take?
Claims for data protection breach compensation can take a varying amount of time to complete. In more straightforward cases in which liability is clear and obvious, the defendant admits fault quickly, and the extent of harm caused to you is relatively straightforward to confirm, a claim may take somewhere between 8 and 12 months to resolve.
In a more complicated data breach claim, more investigations may be required which may prolong the length of the case.
These investigations may involve assessing the impact on finances and credit scores, for example.
Cases involving more serious psychological conditions may take time too, especially if the prognosis of recovery is some time off. To settle a claim of this nature too soon may see you lose out on more data breach compensation.
Can I Make A Data Protection Breach Compensation Claim After A Cyber Attack?
Cyber attacks are common ways of data breaches occurring. Criminals use techniques such as phishing or viruses like ransomware to gain access to systems. They then extract data and in some cases offer it for sale online. It’s possible to make a data protection breach compensation claim if you’ve been impacted by a cyber attack. The most important factor to determine is whether or not the defendant could have taken steps to prevent the attack from happening. For example, if they failed to update anti virus software, or didn’t provide training to staff on the risks of phishing attacks.
Want to make a data breach claim? click below
Check Eligibility>You can also call us for free on 020 8050 3051
Lines open 24/7