How To Sue A Company For A Breach Of Data Protection

This guide will examine how to sue a company for a breach of data protection. Not all instances in which data protection law is breached will mean you are able to make a claim. We will explore the eligibility criteria surrounding data breach claims throughout this guide. We will also discuss the legislation in place to protect your personal data and how a breach could occur if this is not adhered to. 

how to sue a company for a breach of data protection

How to sue a company for a breach of data protection

The steps you can take after a data breach has occurred will also be explored. For example, gathering evidence or seeking legal representation in the form of a No Win No Fee solicitor.

Additionally, we will look at how much compensation you could be entitled to if your claim is a success. 

For more information, you can speak with an advisor from our team who is happy to provide you with free legal advice 24 hours a day, 7 days a week. 

To get in touch: 

Browse Our Guide

  1. When Are You Able To Sue A Company For A Breach Of Data Protection?
  2. How To Sue A Company For A Breach Of Data Protection
  3. What Are Examples Of A Company Data Breach?
  4. What Compensation Could You Receive From A Breach Of Data Protection Claim?
  5. Why Use Our Panel Of No Win No Fee Data Breach Solicitors?
  6. Learn More About Claiming For Breach Of Data Protection Compensation

When Are You Able To Sue A Company For A Breach Of Data Protection?

Before you consider how to sue a company for a breach of data protection, you must ensure that you meet the eligibility criteria. You may be eligible to make a personal data breach claim if you can prove a data controller or data processor failed to adhere to data protection law causing your personal data to become compromised in a breach. You also must prove that as a result of the breach you experienced emotional harm or financial loss. 

Firstly, personal data is any data that can be used to identify a person. For example, their name, email address, or postal address. Secondly, a data controller is responsible for how and why your data is used, whilst a data processor can be tasked with processing data on behalf of the data controller. 

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) outline the responsibilities a data controller and data processor have in relation to your personal information. A failure to adhere to these pieces of legislation is a breach of data protection law which could result in your personal data becoming compromised.

If you have any questions regarding the eligibility criteria and whether you could seek compensation, please get in touch with our advisors. 

How To Sue A Company For A Breach Of Data Protection

After experiencing a breach of data protection, there are several steps you could take. Firstly, you can contact the organisation to find out about the nature of the breach and what data has been compromised. This can be done by sending an email or letter. 

If you do not receive a satisfactory response from the organisation or they do not respond at all, you could make a complaint to the Information Commissioner’s Office (ICO). The ICO are the UK’s independent watchdog responsible for safeguarding data protection laws. 

Whilst the ICO could choose to investigate your complaint, they cannot award compensation. As such, you might find it beneficial to seek legal advice from a solicitor to help you through the process of seeking data breach compensation, including gathering evidence to support your claim. 

Evidence you could gather includes:

  • Correspondence between yourself and the data controller or processor regarding the breach. This could include how it happened, what data was compromised and how you were impacted.
  • Evidence of any psychological harm in the form of a report from a medical professional.
  • Records of any financial losses in the form of receipts, invoices, bank statements or credit score ratings. 

An advisor from our team can provide you with more information on the company data breach claims process if you get in touch. 

What Is The Time Limit To Make A Company Data Breach?

Data breach claims against a public body must typically be started within one year. However, if you are not claiming against a public body, you generally have 6 years to start your claim.

If you have any questions regarding time limit for data breach claims, please speak with an advisor from our team. 

What Are Examples Of A Company Data Breach?

A company data breach could occur in many different ways. For example:

  • Due to your bank not having the proper cyber security systems in place, they are hacked. Consequently, personal data relating to your finances is stolen in a ransomware attack. This causes you anxiety and stress as well as leading to you having money stolen from your account.
  • Your employer sends your payslip to the wrong email address despite having your one on record. As a result, your National Insurance number and other personal information is compromised, resulting in identity theft.
  • Your doctor verbally discloses information about a medical condition you have, that has been recorded in your file, to another patient. As a result, you suffer from distress and anxiety. 

If you have evidence that a personal data breach has occurred and you have suffered harm as a result, please get in touch with a member of our team. 

What Compensation Could You Receive From A Breach Of Data Protection Claim?

The payout you receive for a successful claim could be split into two heads of claim. Firstly, you might be awarded compensation for non-material damage which refers to any mental injuries caused by the data breach. For instance, you might endure distress, anxiety or depression after having your personal data compromised.

In the table below, we have included guideline award brackets from the Judicial College Guidelines (JCG). The JCG is a document used by legal professionals to aid them when they value claims. However, these amounts are not guaranteed due to each data breach claim being unique. 

HarmSeverityGuideline Compensation BracketDetails
(a) Psychological damage (generally) Severe£54,830 to £115,730There will be marked problems dealing with general life, education or work. The prognosis will also be very poor.
(b) Psychological damage (generally) Moderately Severe£19,070 to £54,830There will still be problems coping with life, education and work but there will be a more optimistic prognosis.
(c) Psychological damage (generally) Moderate £5,860 to £19,070Difficulty coping with life, education and work still persists, but there will be considerable improvements as well as a good prognosis.
(d) Psychological damage (generally) Less Severe£1,540 to £5,860Compensation for this bracket will be based on the length of the period of disability and its impact on every day life tasks.
(a) Anxiety disorderSevere £59,860 to £100,670Every aspect of the injured person's life will be majorly affected in a permanent way.
(b) Anxiety disorderModerately Severe£23,150 to £59,860The injured person will be significantly disabled for the foreseeable future. However, after seeking professional help there will be some recovery and a better prognosis.
(c) Anxiety disorderModerate£8,180 to £23,150A near full recovery will have been made and any persisting symptoms will not be grossly disabling.
(d) Anxiety disorderLess Severe£3,950 to £8,180A near full recovery has been made within 1-2 years with only minor symptoms lasting over a longer timeframe.

Material Damage In A Data Breach Claim

Your payout could also include compensation for material damage which refers to the financial losses incurred as a result of the breach. This could include several loans taken out in your name or damage to your credit score. 

An advisor from our team can offer you an accurate estimate of how much data breach compensation you could be awarded if you get in touch. 

Why Use Our Panel Of No Win No Fee Data Breach Solicitors?

If you are still wondering how to sue a company for a breach of data protection, a data breach solicitor from our panel can assist you. They can also help:

  • Present and build your case
  • Value your claim 
  • Collect evidence
  • Guide you through the different stages of the claims process

The solicitors from our panel could ask you to enter a Conditional Fee Agreement (CFA) which comes under the No Win No Fee umbrella. If you accept this offer, you won’t have to pay for their services upfront or while your claim is ongoing. 

Furthermore, if your claim is unsuccessful, you typically won’t have to pay for the services they provide. However, you will have to pay a success fee to your solicitor if your claim is a success. This is deducted from your payout and law-capped, ensuring you receive the majority of your settlement. 

An advisor from our team can tell you if you have a valid claim if you get in touch. Moreover, they may connect you with a solicitor from our panel if you do. 

To get in touch: 

Learn More About Claiming For Breach Of Data Protection Compensation

We have provided you with some more of our guides relative to data breach claims:

Moreover, we have included further resources that we hope you find useful: 

Thank you for reading this guide on how to sue a company for a breach of data protection. If you have any other questions, please get in touch using the details provided above.

Writer Beck Perk

Editor Meg Monsoon