What Is The Time Limit For Data Breach Claims?

If your personal data has been breached by an organisation, this article discusses the data breach time limit for seeking compensation. Personal data can be any detail about you that when used alone, or alongside other information, might reveal or infer your identity. If this causes you financial or emotional harm, the party at fault may be liable, but there are deadlines to start claims.

data breach time limit

Data breach time limit claims guide

Personal data for UK residents is protected under two pieces of legislation called the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR). This legislation is upheld and enforced by an independent organisation called the Information Commissioner’s Office (ICO) which can issue fines against any organisation that fails to adequately safeguard personal data.

The ICO cannot pay compensation, but you may be eligible to launch a claim against the organisation at fault. At Data Breach Claims, our team can offer immediate and free advice about this. If you would like to get in touch:

Choose A Section

  1. What Is The Data Breach Time Limit? – A Guide
  2. The Data Breach Time Limit To Make A Compensation Claim
  3. When Are You Eligible To Make Data Breach Claims?
  4. What Compensation Could You Receive From A Data Breach Payout?
  5. Potential Evidence When Claiming For A Data Protection Breach
  6. What Are The Benefits Of Claiming For A Data Breach On A No Win No Fee Basis?
  7. Learn More About What Constitutes A Data Breach

What Is The Data Breach Time Limit? – A Guide

A personal data breach is broadly described as any accidental or deliberate action or inaction that impacts the confidentiality, integrity and accessibility of personal data. For example, verbal disclosure, accidental destruction, and data misdelivery could all be examples of personal data breaches.

Any organisation that allows a data security incident that otherwise could have been prevented may be liable to compensate you. However, your case must meet the criteria set out by the UK GDPR in order to claim. We will explain this later on in this guide.

In the sections below, we discuss how you can make a claim within the data breach time limits and how a data breach solicitor could assist you to start yours today. Get in touch to learn more.

The Data Breach Time Limit To Make A Compensation Claim

Generally, the time limits for starting a data breach compensation claim are as follows:

  • 6 years from the time you first became aware of the data breach
  • 1 year if the data breach claim is to be made against a public body

With this in mind, please feel free to contact our advisors to help clarify when the data breach time limit started in your case. They can offer free legal advice and more information on claiming when you get in touch today.

When Are You Eligible To Make Data Breach Claims?

Proving that a data breach caused by positive wrongful conduct was the reason you suffered financial or psychological harm is an essential part of eligibility.

This wrongful conduct must be on the part of the data controller or the data processor. A data controller decides how and why to use your personal data. Then, the data processor follows the instructions laid out by the controller in order to process the data. Also, the breach has to cause you harm if you want to make a claim.

Some examples of how a personal data breach could occur can include:

  • When an employer or HR department divulges personal details from your disciplinary records by sending them to the wrong postal address
  • GPs and professionals share medical records over the phone without conducting the appropriate security checks in an instance of human error
  • Passport data is sent to the wrong email address by a travel agency

To learn more about when you could make a personal data breach claim, or for more information on the data breach time limit, get in touch with our team.

What Compensation Could You Receive From A Data Breach Payout?

Two areas of compensation can be assessed in data breach claims. Firstly, non-material damage looks at the distress and psychological harm that a data breach can cause.

Often, solicitors and legal professionals use the Judicial College Guidelines (JCG) to help them value claims. You can find some examples of the JCG guideline settlement awards in relation to non-material damage below.

Mental Health Condition Amount Brackets & SeverityDescription
Mental Injury(a) Severe - £54,830 to £115,730Marked problems in all areas of the person's life and a poor future prognosis
Mental Injury(b) Moderately Severe -£19,070 to £54,830 Similar long-standing disability and illness issues but a more optimistic prognosis than shown in the case above
Mental Injury(c) Moderate - £5,860 to £19,070The person has similar issues to those above, but an improvement is seen by the time the case may need to be heard at trial
Mental Injury(d) Less Severe -£1,540 to £5,860 This award bracket looks at the length of illness and how symptoms affect everyday life.
Anxiety Disorder(a) Severe - £59,860 to £100,670A profound trauma response greatly reduces the person's quality of life and ability to work permanently.
Anxiety Disorder(b) Moderately Severe -£23,150 to £59,860 Symptoms cause significant disability that sees an improvement after professional help.
Anxiety Disorder(c) Moderate - £8,180 to £23,150Largely a recovery with persisting issues not being grossly disabling.
Anxiety Disorder(d) Less Severe - £3,950 to £8,180Virtually a full recovery within a 2 year period and only minor symptoms persisting beyond this timescale.

These are not guaranteed amounts; legal professionals use these guideline amounts to help them value injuries, so the compensation you could receive may vary.

Could You Claim For Material Damage After A Data Protection Breach?

A data security breach can cause financial problems as well. For example, criminals might be able to use personal data in a way that can allow them to access bank accounts and steal funds. In this case, you may be eligible for material damage compensation, which could cover:

  • Funds stolen from your bank accounts
  • Fraudulent purchases on credit cards or debit cards
  • Negative impacts on your credit score

Read on to learn more about how receipts, statements and other documented evidence that can help support a personal data breach claim. Or, get in touch with our team to find out if you could start a claim within the data breach time limit.

Potential Evidence When Claiming For A Data Protection Breach

Collecting evidence can be very helpful if you intend to start a personal data breach claim. Evidence can help prove who was liable for the breach, how it happened, and how it impacted you. You can collect this evidence alone, or with the help of a data breach solicitor.

Some examples of evidence that could support your claim include:

  • Correspondence relating to the breach. The organisation may have written to you or sent an email to notify you about the security incident. By law, all organisations must inform data subjects about any breach serious enough to impact their rights and freedoms. Furthermore, they should inform the ICO about serious breaches no later than 72 hours after discovery.
  • Have a GP or doctor assess the full extent of any psychological injury. Notes and medical records from professionals can be used to help demonstrate the psychological harm caused by the breach.
  • Retain proof of associated costs that arose because of the breach. For example, bills, receipts, invoices, and bank statements could all be used to help illustrate the financial harm caused by the data breach.

Get in touch with our team to find out if a solicitor from our panel could help you gather evidence to support your claim.

What Are The Benefits Of Claiming For A Data Breach On A No Win No Fee Basis?

At Data Breach Claims, our team can offer a brief and informal consultation to assess your claim. An advisor from our team could then connect you with No Win No Fee data breach solicitors who offer Conditional Fee Agreements (CFA) to help you start a claim. The advantages of an arrangement like this include:

  • Typically, no fees are needed to hire their services
  • No fees are required from your solicitor as the case progresses
  • A success fee for the solicitor becomes due only if the case succeeds. The success fee is capped by law.
  • Otherwise, your solicitor will typically not request a fee for their services.

To see if you can benefit from the advantages of a claim made under a CFA, please connect with our advisors to get started.

Contact Us About The Data Breach Time Limit And Claiming Compensation

Access expert advice about data breach time limits or learn how a solicitor from our panel could help you today by getting in touch.

Learn More About What Constitutes A Data Breach

For more helpful guides surrounding personal data breach claims:

For more resources:

Thank you for reading our guide on the data breach time limit.

Writer Jeff Walker

Editor Cat Harley