A Guide To Claiming Data Breach Compensation

By Danielle Nicholson. Last Updated 29th April 2024. In this guide, we will explain what a personal data breach is and clarify when you can claim data breach compensation. If an organisation has breaches your data, it could affect you in various ways. For example, you may experience stress or develop a more severe psychological injury such as post-traumatic stress disorder (PTSD). You could also suffer financially, such as if your bank details are stolen and someone takes loans out in your names.

This guide will explore how data protection law sets out a data controller and processors responsibilities. A data controller sets the purpose for processing your personal data and can often process it themselves. A data processor will act on behalf of the controller.

A solicitor holding a tablet that says data breach in blue letters

If they fail to adhere to data protection law causing your personal data to become compromised leading to you suffering financial loss or mental harm, you may be able to claim. We will explore this further in our guide.

For more information, please don’t hesitate to contact our team of advisors. To get in touch, you can:

Select A Section

  1. Data Breach Compensation Examples
  2. What Is A Personal Data Breach And Who Can Make A Claim?
  3. Data Breach Compensation – Examples Of When You Could Claim
  4. Do I Need Evidence To Claim Data Breach Compensation?
  5. Making A Data Breach Claim With A No Win No Fee Solicitor

Data Breach Compensation Examples

One of the most commonly asked questions surrounding the data breach claims process is, “How much compensation could I receive if my claim succeeds?”

Every claim is different, and compensation is valued depending on the unique circumstances surrounding each claim. Because of this, it can be hard to provide accurate data breach compensation examples. However, we can give you more information on what kinds of compensation you could receive, and how this could be valued. 

Non-Material Damage Compensation

The first kind of compensation that you could receive is non-material damage compensation. This is aimed towards the psychological effects of the breach and how it’s affected your life.

For example, a personal data breach could cause you to suffer from severe depression or a relapse of already-existing post-traumatic stress disorder (PTSD). This can have a huge effect on your life, and stop you from working, enjoying a normal social life, or even being able to function as you did before. 

When this head of claim is calculated, the Judicial College Guidelines (JCG) can be used to help. This is because the JCG provides guideline compensation brackets that correspond with different psychological injuries.

In the table below, you can find some examples of these brackets. Please be aware that these are only guideline amounts, not guarantees, and that the first entry has not been taken from the JCG.

Guideline Compensation Brackets

Type of HarmGuideline Compensation AmountsNotes
Very Severe Psychological Damage and Financial LossesUp to £250,000+Settlements could include compensation for very severe emotional distress and the financial harm suffered, such as loss in credit score.
Psychological Harm - Severe (a)£66,920 to £141,240The person has received a poor prognosis and have experienced an impact in many areas of their life.
Psychological Harm - Moderately Severe (b)£23,270 to £66,920The person will have a more optimistic prognosis despite significant issues.
Psychological Harm - Moderate (c)£7,150 to £23,270The person will have a good prognosis and have made a significant improvement.
Psychological Harm - Less Severe (d)£1,880 to £7,150The award given will depend on the extent to which daily activities and sleep have been affected.
PTSD - Severe (a)£73,050 to £122,850The person will experience a permanent impact on all parts of their life.
PTSD - Moderately Severe (b)£28,250 to £73,050The person will have a better prognosis due to professional help.
PTSD - Moderate (c)£9,980 to £28,250The person will have largely recovered with only some symptoms that aren't majorly disabling continuing.
PTSD - Less Severe (d)£4,820 to £9,980The person will make a mostly full recovery within a couple of years.

Material Damage Compensation

The second kind of compensation that you could receive is material damage compensation. This heading covers the financial losses that you suffer because of the data breach.

For example, if the breach caused you to suffer severe PTSD, this may mean you can no longer work. If this caused you to lose out on earnings, then you could potentially claim them back as material damage compensation. You would need to be able to prove these lost earnings to be able to claim compensation for them. Your payslips could be used as evidence in this regard.

The figures we’ve provided here are only guidelines. If you’d like to learn more about data breach compensation examples and get a free consultation, contact our team of advisors today.

What Is A Personal Data Breach, And Who Can Make A Claim?

A breach of your personal data involves a security incident that has resulted in the confidentiality, integrity or availability of your personal data being affected.

Businesses and organisations, such as social services, banks or retail stores will often collect personal data for operational and/or commercial purposes. Organisations may collect data from customers, employees and other stakeholders. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) protect personal data of those who reside in the UK. It sets out a data controller and processors responsibilities such as taking security precautions to minimise the risk of data breaches happening.

You can sometimes claim data breach compensation if an organisation has breached your personal data. However, you will need to prove the following:

  • An organisation breached your personal data because it failed to comply with data protection legislation.
  • You experienced emotional distress or mental health injuries because of the data breach or financial losses.

Data Controllers And Data Processors

A data controller decides how your data is used, and why they need to use it. It’s their responsibility to establish a lawful basis, and ensure that their reasons for collecting this data are lawful. Then, a data processor follows the instructions of the controller and they process the data on their behalf. It’s the data processor’s responsibility to make sure they comply with data protection laws when they process this data.

Wrongful conduct occurs when the data controller or data processor fails to comply with data protection legislation and does not fulfil their responsibilities.

Contact our team to find out if you could have a valid data breach claim. Our advisors can evaluate your claim for free and offer more information on the claims process, using tools like a data breach compensation calculator, and working with a solicitor.

The Words Data Breach And A Mail Logo On A Computer Keyword.

Data Breach Compensation – Examples Of When You Could Claim

Data breaches could occur accidentally through human error or as a result of criminal and deliberate actions  activity, such as theft or hacking of digital databases. Here are a few examples of how a security breach could occur:

  • Failure to use the blind carbon copy (BCC) field when sending an email with more than one recipient. The BCC field can conceal email addresses from each other in mass emails, such as large-scale notification emails from clinics.
  • Theft of personal data that is kept in an insecure location. For example, medical data breaches could occur if a doctor’s surgery experiences a break-in and any paper files containing medical records are not kept in a locked filing cabinet.
  • Sending a letter to the wrong postal address when the company has your correct address on file, allowing an unauthorised party access to your personal data.
  • Cybercriminals could gain access to a database through hacking. Any organisation storing data digitally should have adequate security measures in place, including password protection and firewalls. They should also ensure that cybersecurity systems are kept up to date.

Businesses should ensure that any staff with access to personal data are given training in data protection to help prevent accidental data breaches. They should also make sure that personal data is given adequate protection through appropriate security measures, such as locks on filing cabinets and passwords for computers.

If you would like to discuss the situation behind the compromise in your personal data, contact one of the advisors from our team.

The Words Data And Breach On Separate Wooden Blocks Next To Notebooks, Calculator And Magnifying Glass.

Can A Company Be Fined In The UK For A Data Breach?

An organisation called the Information Commissioner’s Office (ICO) regulates data protection in the UK. As part of their duties, the ICO has the power to issue fines to companies that fail to comply with data protection laws.

There are two tiers of penalty the ICO can hand out. There is the higher maximum which can reach £17.5 million; this can apply if there’s a failure to comply with the data protection principles or the rights of a data subject. There is also the standard maximum, which can reach £8.7 million and applies where other provisions are infringed, for example, administrative requirements.

Below, we’ve listed the five largest fines the ICO have handed out for data breaches as of May 2023:

  1. £20 million fine for British Airways
  2. £18.4 million fine for Marriott Hotels
  3. £12.7 million fine for TikTok
  4. £7.5 million fine for Clearview AI
  5. £4.4 million fine for Interserve

Do I Need Evidence To Claim Data Breach Compensation?

If you’ve suffered due to a breach of data protection, compensation could be owed to you. However, in order to claim compensation for a breach of data protection, you need to be able to provide evidence.  The more you have, the better.

Here are some examples of how you could support your claim:

  • Emails/letters – For example, the correspondence from the data controller notifying you of a data breach.
  • Bank statements – If your financial information is included in the data that’s been breached, then it could be that certain unauthorised costs and charges start to show up.
  • Medical evidence – In a scenario where a data breach has affected your treatment (for instance, the loss of your records in a medical setting) then you’ll need proof that your health has been affected as a result of the breach.

There are other forms of evidence you could gather too. Some may even be specific to your circumstances. To find out more, including how a data breach compensation amount in the UK could be calculated, reach out to our advisors today.

Making A Data Breach Claim With A No Win No Fee Solicitor

If you are eligible to make a personal data breach claim, one of our solicitors may be able to help you. Our solicitors work on a No Win No Fee basis under a Conditional Fee Agreement (CFA). With this arrangement in place, you will receive a solicitor’s help without paying any upfront or ongoing fees for their services. On top of this, if your claim fails, then your solicitor won’t take payment for their work on your case.

If your personal data breach compensation claim succeeds, then your solicitor will take a success fee. This is a small percentage that is deducted directly from your compensation award, though there is a legal cap in place to help make sure that you keep the majority share of your compensation.

Making a claim for compensation for a data breach with the help of a solicitor can come with many benefits. For example, when you work with one of our solicitors, they can use their years of experience to explain legal jargon and fully evaluate all areas of your claim. Another benefit of working with a solicitor is that they can help you collect useful and relevant evidence to support your case.

Our team of advisors are here to help. To find out if you could be eligible to make a personal data breach claim with the help of one of our solicitors, get in touch today:

A Data Breach Solicitor Makes Notes Behind A Table With A Gavel, Scales And A Notebook On It.

Glossary Of Terms

Below, we have provided some key data breach terms.

  • Data Subject: The person whose personal information is being processed.
  • Data Controller: They decide on the purpose for processing personal data. They can also process this data themselves.
  • Data Processor: They process data on behalf of the controller.
  • Personal data: This is personal information that can be used to identify you.

Useful Guides For Data Breach Claims

Below, we have provided some additional resources that you may find useful.

If you have any other questions regarding how to seek data breach compensation, please get in touch on the number above.