Has your personal information been involved in a data breach? If a breach by an organisation has impacted your mental health or finances you could be able to claim compensation. In this guide we will look at when and how you could make a data breach compensation claim.

Key Things To Remember In Data Breach Claims

  • Your personal private data should be protected inline with both the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).
  • Compensation may take psychological harm and financial losses into account.
  • How much you could claim will depend on how seriously you were impacted.
  • You do not need a solicitor to make a data breach claim, but we believe there are many benefits to doing so.
  • Our solicitors could help you on a No Win No Fee basis.

Get in contact to begin a claim.

An image shows a padlock on a keyboard. On it is written data breach.

Browse Our Guide

What Is A Data Breach?

We will begin by defining what data breaches are and then focusing specifically on what a personal data breach is.

A personal data breach (as defined under the UK GDPR and DPA) occurs where there is a security incident which leads to the accidental or unlawful:

  • Destruction.
  • Loss.
  • Alteration.
  • Unauthorised access to personal data.
  • Unauthorised disclosure of personal data.

This may occur due to human error or other causes.

Data Controllers And Data Processors

Whether held by a company, local authority or individual, data controllers and processors have legal responsibilities when handling your personal data.

Under UK law,

  • Data controllers decide how and why personal data may be processed (in line with legislation). They are responsible for ensuring the data is processed legally.
  • Data processors may act on behalf of a controller and may handle (process) the data as instructed to do so. They are responsible for ensuring there are adequate security measures in place.

Next we look in more detail at what may be considered personal or sensitive information. Contact our team to check if you have a valid data breach claim.

What Is Personal Data?

The UK GDPR and Data Protection Act 2018 (DPA) define personal data as any information which relates to a person who is identified or who is identifiable from this data.

Examples of personal data, as set out by the Information Commissioner’s Office (ICO), include:

  • Names.
  • Postal addresses.
  • Email addresses.
  • Phone numbers.

The ICO is an independent authority which protects your data privacy and rights.

Special Category Data

Special category data is a specific subset of personal data. This type of data is generally considered to be more sensitive than those types previously listed. As such, it may require greater protection measures and stricter handling.

Examples of special category data may include information about your:

  • Racial or ethnic origin.
  • Political opinions.
  • Trade union membership.
  • Religion/ religious beliefs.
  • Biometric or genetic data.
  • Health data, such as your medical records.
  • Sexual orientation or sex life.

Whilst it may be considered sensitive information, special category data does not cover financial data.

Please contact our team today for further information on making a personal data breach claim.

A person it using their computer.

Could I Claim Data Breach Compensation?

If a data breach occurs, affecting your personal information, you may wonder if you are eligible to claim compensation. If a data controller or data processor fails to comply with the UK GDPR and DPA, this may be known as wrongful conduct and could lead to a data protection breach.

In order to make a data protection compensation claim you must be able to show that,

  • A data breach has occurred due to wrongful conduct.
  • This breach affected your personal data.
  • You suffered anxiety due to the data breach or financial losses.

Please contact our team for an assessment of your case and to see if you could claim compensation.

How Could A Data Breach Happen?

There are numerous ways in which a data breach could happen. You must show that the breach was caused by the data controller/ processor failing to adhere to legislation in order to have a valid data breach claim.

Data breaches may occur due to human error or may be deliberate. Examples of how data breaches could occur may include:

  • A hospital failing to update their cyber security leaving them vulnerable to a cyber attack. A hacker may steal information such as your medical data as well as your name, address and phone number.
  • A local authority sending your information to the wrong postal address. This may include documents containing special category data relating to services someone has accessed from a local authority.
  • Your mortgage provider could send information relating to your mortgage or application to the wrong email or postal address.
  • A social services data breach could occur if a file containing information on your case is thrown out, causing the loss of this data.

These are just some examples of how data breaches could occur. Contact us for advice on how to begin a claim.

An image shows information with question marks. In the middle it says data breach.

Data Breach Compensation Amounts

If you have a valid claim you could be awarded compensation for material and non-material damage. You could claim for these together or independently. How much compensation you may be awarded will be unique to your case.

Non-material damage is psychological harm caused by the personal data breach. For example,, this may include instances of anxiety or depression. In order to value this, parties to a claim may refer to both your medical reports (showing the impact on your health) and to the Judicial College Guidelines (JCG). The JCG is a document which contains guideline amounts of compensation. It is used by solicitors to help value claims.

In the following table we use figures from the JCG. The first row does not come from the JCG. Here we present an illustration of what may be awarded for a combination of psychological harm and material damage.

Type Of HarmDegree Of ImpactNotesDamage
Multiple forms of psychological harm.SevereMultiple forms of harm plus material damage.Up to £250,000 with material damage.
Psychiatric damageA - SevereThis impacts the person's ability to cope with all aspects of life. They have a poor prognosis.£66,920 to £141,240
B - Moderately severeWhilst problems may be associated with all parts of the person's life, their prognosis is better.£23,270 to £66,920
C - ModerateThose in this bracket have a good prognosis for recovery and have already markedly improved.£7,150 to £23,270
D - Less severeDamage takes the duration and extent of impact into account.£1,880 to £7,150
Post-traumatic stress disorder.A - SevereCases in this bracket involve permanent impacts on the person's ability to work and cope with other aspects of life.£73,050 to £122,850
B - Moderately severeThis bracket is distinct from the above as the prognosis for recovery (with professional help) is better.£28,250 to £73,050
C - ModerateThose in this bracket will have largely recovered.£9,980 to £28,250
D - Less severeThose in this bracket should make a full recovery in 1- 2 years.£4,820 to £9,980

Next, we look at what material damage compensation is.

What Is Material Damage Compensation?

Material damage refers to financial losses and related costs which may be taken into account. Claimants may be compensated for financial losses such as:

  • Loss of income and earnings caused by taking time off work to recover from a psychological injury.
  • The cost of medical care, such as that to treat a psychological condition caused by the breach. For example, treatment for anxiety.
  • The cost of dealing with identity theft due to the data protection breach.

You must provide evidence of any financial losses you intend to claim for. You may submit evidence such as a copy of your bank or credit card statements, invoices for medical care or payslips.

Please get in contact with our team to learn more about how much compensation you could be eligible to claim..

How Could A No Win No Fee Data Breach Solicitor Help Me?

If you meet the eligibility criteria to make a personal data breach compensation claim we believe that a No Win No Fee solicitor could help you.. If you choose to work with a solicitor, one of our expert data breach solicitors could help you. Because we understand that potential claimants may be concerned about the cost of doing so, they could offer you a Conditional Fee Agreement.

By using this type of agreement you do not need to pay anything either in advance or during the data breach claims process for their work. An additional benefit is that if your case isn’t successful there will be nothing to pay.

If you are awarded compensation for a personal data protection breach your solicitor will deduct a success fee from this. This fee will be set out in your agreement. There is also a (legal) cap limiting the percentage of your award which may be charged as a fee.

Contact an advisor to find out if one of our No Win No Fee personal data breach solicitors could help you.

Get In Touch With Our Team

Please get in contact with our team if you are ready to make a data breach compensation claim. We could connect you to one of our expert personal data breach solicitors. You can also discuss your case with one of our advisors and get more information on how we could help you.

To get in contact with us:

A solicitor begins work on a data breach compensation claim.

More Information On Data Breach Claims

Below you can find more resources which may help you when making a personal data protection breach compensation claim.

References and resources

Thank you for reading our guide on how to make a personal data breach compensation claim. We hope that this guide has helped you to learn more about how to make a claim. Please get in contact with our team to learn how we could help you.