Time Limit For Data Breach Claims – What Is It?

By Cat Norris. Last Updated 10th September 2024. If your personal data has been breached by an organisation, this article discusses the data breach time limit for seeking compensation. Personal data can be any detail about you that when used alone, or alongside other information, might reveal or infer your identity. If this causes you financial or emotional harm, the party at fault may be liable, but there are deadlines to start claims.

Personal data for UK residents is protected under two pieces of legislation called the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR). This legislation is upheld and enforced by an independent organisation called the Information Commissioner’s Office (ICO) which can issue fines against any organisation that fails to adequately safeguard personal data.

The ICO cannot pay compensation, but you may be eligible to launch a claim against the organisation at fault. At Data Breach Claims, our team can offer immediate and free advice about this. If you would like to get in touch:

A hacker typing on a keyboard

Choose A Section

  1. What Is The Time Limit For Data Breach Claims? 
  2. When Are You Eligible To Make Data Breach Claims?
  3. What Compensation Could You Receive From A Data Breach Payout?
  4. Potential Evidence When Claiming For A Data Protection Breach
  5. What Are The Benefits Of Claiming For A Data Breach On A No Win No Fee Basis?
  6. Learn More About What Constitutes A Data Breach

What Is The Time Limit For Data Breach Claims?

Generally, the time limits for starting a data breach compensation claim are as follows:

  • 6 years from the time you first became aware of the data breach

With this in mind, please feel free to contact our advisors to help clarify when the data breach time limit started in your case. They can offer free legal advice and more information on claiming when you get in touch today.

When Are You Eligible To Make Data Breach Claims?

Proving that a data breach caused by positive wrongful conduct was the reason you suffered financial or psychological harm is an essential part of eligibility.

This wrongful conduct must be on the part of the data controller or the data processor. A data controller decides how and why to use your personal data. Then, the data processor follows the instructions laid out by the controller in order to process the data. Also, the breach has to cause you harm if you want to make a claim.

Some examples of how a personal data breach could occur can include:

  • When an employer or HR department divulges personal details from your disciplinary records by sending them to the wrong postal address
  • GPs and professionals share medical records over the phone without conducting the appropriate security checks in an instance of human error
  • Passport data is sent to the wrong email address by a travel agency

To learn more about when you could make a personal data breach claim, or for more information on the data breach time limit, get in touch with our team.

What Compensation Could You Receive From A Data Breach Payout?

Two areas of compensation can be assessed in data breach claims. Firstly, non-material damage looks at the distress and psychological harm that a data breach can cause.

Often, solicitors and legal professionals use the Judicial College Guidelines (JCG) to help them value claims. You can find some examples of the JCG guideline settlement awards in relation to non-material damage below.

Mental Health Condition Amount BracketsDescription
Severe Psychological Harm + Special DamagesUp to £250,000+Instances of severe psychological harm and financial losses, including lost earnings
Mental Injury£66,920 to £141,240Marked problems in all areas of the person's life and a poor future prognosis
Mental Injury£23,270 to £66,920Similar long-standing disability and illness issues but a more optimistic prognosis than shown in the case above
Mental Injury£7,150 to £23,270The person has similar issues to those above, but an improvement is seen by the time the case may need to be heard at trial
Mental Injury£1,880 to £7,150This award bracket looks at the length of illness and how symptoms affect everyday life.
Anxiety Disorder£73,050 to £122,850A profound trauma response greatly reduces the person's quality of life and ability to work permanently.
Anxiety Disorder£28,250 to £73,050Symptoms cause significant disability that sees an improvement after professional help.
Anxiety Disorder£9,980 to £28,250Largely a recovery with persisting issues not being grossly disabling.
Anxiety Disorder£4,820 to £9,980Virtually a full recovery within a 2 year period and only minor symptoms persisting beyond this timescale.

These are not guaranteed amounts; legal professionals use these guideline amounts to help them value injuries, so the compensation you could receive may vary.

Could You Claim For Material Damage After A Data Protection Breach?

A data security breach can cause financial problems as well. For example, criminals might be able to use personal data in a way that can allow them to access bank accounts and steal funds. In this case, you may be eligible for material damage compensation, which could cover:

  • Funds stolen from your bank accounts
  • Fraudulent purchases on credit cards or debit cards
  • Negative impacts on your credit score

Read on to learn more about how receipts, statements and other documented evidence that can help support a personal data breach claim. Or, get in touch with our team to find out if you could start a claim within the data breach time limit.

Potential Evidence When Claiming For A Data Protection Breach

Collecting evidence can be very helpful if you intend to start a personal data breach claim. Evidence can help prove who was liable for the breach, how it happened, and how it impacted you. You can collect this evidence alone, or with the help of a data breach solicitor.

Some examples of evidence that could support your claim include:

  • Correspondence relating to the breach. The organisation may have written to you or sent an email to notify you about the security incident. By law, all organisations must inform data subjects about any breach serious enough to impact their rights and freedoms. Furthermore, they should inform the ICO about serious breaches no later than 72 hours after discovery.
  • Have a GP or doctor assess the full extent of any psychological injury. Notes and medical records from professionals can be used to help demonstrate the psychological harm caused by the breach.
  • Retain proof of associated costs that arose because of the breach. For example, bills, receipts, invoices, and bank statements could all be used to help illustrate the financial harm caused by the data breach.

Get in touch with our team to find out if a solicitor from our panel could help you gather evidence to support your claim.

What Are The Benefits Of Claiming For A Data Breach On A No Win No Fee Basis?

Now that you know more about the time limit for data breach claims, let’s talk about why you should claim with the help of a No Win No Fee solicitor.

Our panel of solicitors are experts in UK GDPR time limits, and can help make sure that your claim is made on time. They can also help you support your claim by collecting evidence, and help you negotiate a settlement that appropriately covers your losses.

Plus, our panel is made up of No Win No Fee solicitors, and they work under a Conditional Fee Agreement (CFA). This means that you can access their services without being asked to pay any upfront or ongoing fees. If your claim fails, then you won’t pay for their work at all.

In the event that your claim succeeds, your solicitor will take a success fee. This is a small, legally capped percentage of your data breach compensation.

Contact Us About The Data Breach Time Limit And Claiming Compensation

Access expert advice about data breach time limits or learn how a solicitor from our panel could help you today by getting in touch.

Learn More About What Constitutes A Data Breach

For more helpful guides surrounding personal data breach claims:

For more resources:

Thank you for reading our guide on the data breach time limit.

Writer Jeff Walker

Editor Cat Harley