Data Breach Compensation Examples – How Much Compensation For GDPR Claims?

By Cat Gengar. Last Updated 16th June 2022. Welcome to our guide on data breach compensation examples. A data breach is where personal information is accessed, lost, destroyed, changed or disclosed without a lawful reason. 

Data breach compensation examples

Data breach compensation examples guide

As a result of a data breach, you could be impacted either financially or psychologically. You could be entitled to compensation in either circumstance (or both), providing the positive wrongful conduct of the organisation that was supposed to protect your personal data led to the breach.

The expert data breach solicitors on our panel could assist you in making your claim. 

It’s important to act quickly. This is due to the limited window of time following a data breach in which you can make a claim. If this time limit expires, then it becomes much more unlikely that your claim will be successful.

Get in touch with us today. Once we know more about your claim, we’ll be able to offer you advice more relevant to your circumstances. Read on for more information.

Select A Section

  1. Data Breach Compensation Examples – An Overview
  2. Recognising Data Breaches
  3. Breaches Of Data Privacy
  4. Breach Of Confidentiality
  5. How Much Compensation Can I Get For A Data Protection Breach?
  6. Tips On Claiming Data Breach Compensation
  7. Get In Touch With A Data Breach Lawyer
  8. More Information On Claiming Data Breach Compensation

Data Breach Compensation Examples – An Overview

As mentioned above, a data breach is when personal data, such as your bank details or medical records, are accessed, disclosed, altered, destroyed or lost without a lawful basis.

This article goes into more detail regarding specific data breach compensation examples as well as information on how GDPR breaches can occur. 

We also take a look at breach of confidentiality and tips on making a data breach claim.

Here’s a quick overview of the key information you can find in this guide:

  • It’s possible to claim compensation for a data breach that caused you psychological harm, such as distress or anxiety, as well as one that inflicts financial damage.
  • Most data breaches are caused by human error. To succeed in a claim, it’s necessary to show the responsible organisation made some form of positive wrongful conduct, such as failing to update their anti-virus software.
  • If a data breach solicitor believes you could have good prospects of succeeding in a claim, they could offer to represent you on a No Win No Fee basis.
  • A data breach compensation calculator tool could help you work out how much you could receive, but each case is different and is valued on its unique facts. Payouts could range from £1,000 to over £100,000.

Data Breach Statistics

According to the 2021 Cyber Security Breaches Survey carried out by the government, 39% of respondent businesses had experienced a cyber security breach or attack in the 12 months leading up to March of 2021. 26% of respondent charities also reported such breaches or attacks over the same period of time. 

Data breach compensation examples statistics graph

Data breach compensation examples statistics graph

Data breaches don’t just happen online. They can happen in a variety of ways. For example, a person or company may have written your personal information down. If it’s not then stored securely, this could lead to it finding its way into the wrong hands.

You could start your claim by contacting those you believe to be responsible for protecting your personal data and failing to do so. If there have been 3 months since they replied in any meaningful and satisfactory way, then you could approach the Information Commissioner’s Office (ICO). Making a complaint to them could be the next step.

What happens if a company breaches data protection?

In short, there are a number of things that could happen if a company breaches your data. For example, you may be reimbursed for financial losses that you could experience as a result of the breach. This can be more common in instances of your bank information being unlawfully accessed and/or distributed.

Additionally, they could also owe you data protection breach compensation for the psychological harm that you may suffer from due to personal information being leaked. For example, your medical records.

The organisation found responsible for the breach may also be fined by the ICO. The ICO is an independent UK body that enforces data protection laws. It also fixes penalties to those breaching the law in a proportionate manner.

Recognising Data Breaches 

If you are looking for data breach compensation, examples of how a data protection breach could be spotted may be of use to you.

To illustrate, you may notice:

  • Unexplained or familiar charges on your bank account
  • Excessive junk mail/spam from one specific source (including mail sent to the wrong postal address or wrong email address)
  • Companies calling you to sell you something, when you didn’t sign up to their marketing list

These may not be definitive proof of a data breach taking place. However, they may be enough for you to begin an investigation. You should keep hold of anything you think could be used as evidence during your claim, such as letters confirming a breach and bank statements showing financial losses.

The consequences of a data breach could be minor. You may simply be inconvenienced by the excessive attempts to contact you. But, in worse cases, you could experience severe financial losses.

If it is a public body, such as the police or the NHS, that has exposed your personal data through positive wrongful conduct, you could have just 1 year to make a claim. If your data has been breached by other organisations, you may have 6 years. However, it’s important to act swiftly if you suspect you have been subject to a data breach.

Breaches Of Data Privacy

As mentioned earlier in this article, a data breach is when your personal information is accessed, lost, destroyed, changed or disclosed without your permission or unlawfully.

However, your personal data being exposed is not enough for you to be awarded compensation. It needs to have been exposed due to the failings of the organisation that was supposed to protect it. In addition, you need to have suffered some kind of mental or financial damage to be eligible for compensation. 

In cases where people have been awarded data breach compensation, examples consist of instances where the claimant has suffered financial losses as a result of their information being leaked. Another scenario could be when an individual’s medical records have been accessed unlawfully. This could lead to issues with anxiety or depression developing or being made worse.

It’s important to note that data breach claims relate to information that’s stored somewhere. For example, a physical folder or a hard drive can contain personal information. Unfortunately, you can’t make a claim for compensation if your personal information is disclosed verbally between sources.

Breach Of Confidentiality

When you supply an organisation with your personal information, it’s usually with a specific purpose in mind. Oftentimes, you won’t expect this information to be passed on without your consent. If the personal data you give over to organisations is used without your permission, or unlawfully, then this could be an example of a breach of confidentiality.

Remember though, confidentiality or data breaches do not automatically make you eligible to receive compensation. You need to have suffered financial losses, psychological issues, or both.

The organisation will also need to have failed to protect your personal data through positive wrongful conduct.

One of the higher-profile data breach compensation examples that has happened in recent years is the case of Facebook in 2018*. The social media site experienced a security incident that left around 50 million user accounts exposed.

https://www.itgovernance.co.uk/data-breaches – Source*

Tips on Claiming GDPR Breach Compensation

To claim compensation for a GDPR breach, you need to have suffered financial losses (material damages) or psychological injury (non-material damages) as a result of an organisation insufficiently protecting your data, leading to a data breach.

In data breach claims, you need to have evidence showing how the organisation failed to protect your data and how this led to a breach. This could involve supplying correspondence between you and the relevant. Other useful types of evidence you could have include:

  • Bank statements – If you’re claiming for material damages, these can be used as evidence showing how the data breach led to your bank details being stolen. It can also illustrate the amount that was taken as a result.
  • Receipts and invoices – For example, if you’re claiming for non-material damages, you could show how the incident has impacted you by providing receipts and invoices for the therapy you’ve required. You could suffer from anxiety and depression because your identity has been stolen, for example.
  • Police reports – If you’ve been a victim of identity fraud, this could show that you have reported it to the police. The police could also corroborate how much money has been stolen.
  • Medical assessments – If you’re suffering from PTSD, for instance, a doctor’s assessment can highlight how your mental health has been negatively impacted by the data breach.

This list isn’t extensive so, if you want to learn about potential evidence for claiming, please contact us. We offer free legal advice and can tell you more about potential GDPR breach compensation amounts in the UK and let you know more about what you could receive.

How Long Do I Have To Claim Data Breach Compensation?

It’s important to be aware of the time limits involved when making a data breach claim. Generally, you may have 1 year to claim against a public body or 6 years if the breach involves a non-public body.

It’s important to note that every data breach claim can stem from a unique set of circumstances. Therefore, it’s possible that these time limits may function differently in some scenarios. If you’re unsure as to whether you can still make a claim, get in touch with our advisors today. We can help you determine this.

How Much Compensation Can I Get For A Data Protection Breach In 2022?

If you are interested in making a personal data breach claim, you may question how much compensation you could receive should your claim be successful. You should know that the amount you could receive will depend on the individual circumstances of your case.

As part of your data breach compensation, you may be able to claim material damages. This covers any financial harm you may have suffered as a result of the data breach. For example, if your credit card details were hacked or stolen, this could lead to fraudulent charges on your account, a damaged credit score, and even identity theft. You may be able to claim any related costs back.

 DescriptionAmount
Psychiatric damage(a) Severe - the claimant will have suffered a significant impact on their ability to cope with life, education and work. Relationships may be permanently damaged with the prognosis poor. £54,830 to £115,730
Psychiatric damage(b) Modereately severe - cases that fall into this bracket will likely see the claimant suffering from permanent or long-standing symptoms that may prevent a return to work.£19,070 to £54,830
Psychiatric damage(c) Moderate - there will have been moderately severe issues, but improvement will be good, as well as the prognosis£5,860 to £19,070
Psychiatric damage(d) Less severe - amount awarded will reflect how much daily activities like sleep are affected£1,540 to £5,860
Post-traumatic stress disorder(a) Severe - cases that fall under this bracket involve permanent damage to day to day functioning, such as an inability to work and a breakdown in relationships. £59,860 to £100,670
Post-traumatic stress disorder(b) Moderately severe - symptoms may be similar to severe cases of PTSD, only they may have a better prognosis, especially with professional help.£23,150 to £59,860
Post-traumatic stress disorder(c) Moderate - the person will have made a very good recovery, with any lasting effects not being grossly disabling£8,180 to £23,150
Post-traumatic stress disorder(d) Less severe - an almost complete recovery taking no longer than 2 years£3,950 to £8,180

If you can’t see your injuries in the table above, why not reach out to us? Our advisers value injuries for free.

What Else Can You Include In A Data Breach Claim?

The table above shows figures taken from the 2022 edition of the Judicial College Guidelines (JCG), which helps legal professionals value claims. These figures illustrate what you could receive for various psychological injuries.

Since the Court of Appeals ruling on Vidal-Hall vs Google [2015], you can now claim for non-material damages without having suffered any financial loss or damage. Non-material damages are the part of your data breach claim that cover any psychological or mental effects caused by a breach. For example, if your email address is exposed in an online breach, this could cause considerable anxiety, depression, and PTSD.

Contact our advisors for more information on making a data protection breach compensation claim today to find out what you could be eligible to claim.

Tips On Claiming Data Breach Compensation

To succeed in a data breach compensation claim, it’s important to gather as much evidence as possible. This enables a solicitor to do a number of things:

  1. They can better understand how the breach happened and the impact that it’s had on you
  2. With more evidence to review, they can determine whether your data breach claim has a good chance of succeeding

If you’re wondering what types of evidence you need, the best starting point is a letter or email from the organisation that has committed the breach.

Such correspondence would confirm that a data protection breach has happened and what information was exposed.

If you do not have anything to confirm this, we recommend making a complaint to the organisation responsible. Under the UK GDPR, they must investigate and provide you with a response.

Should you receive no meaningful response within 3 months of your initial complaint, you can complain to the ICO. They may conduct their own investigation, the findings of which could be useful to you if you make a data breach compensation claim.

Other pieces of evidence that can support your claim include medical notes from your records in relation to any stress or anxiety the breach may have caused you.

Supplying bank statements or credit reports to show the damage caused by the GDPR breach can also help your case.

For more guidance on obtaining evidence for a data breach claim, please get in touch with us on the number at the top of this page.

Get In Touch With A Data Breach Lawyer

Reach out to us today and we could help you take the next step towards your data breach compensation. Examples can only go so far.

All of the lawyers on our panel operate on a No Win No Fee basis. The agreement you make is also known as a Conditional Fee Agreement (CFA). This means that you only need to cover their legal fees if they help you make a successful claim. If you do not receive any compensation, then you won’t be required to pay them any legal fees.

If your claim is successful, they’ll be paid via a small percentage of your settlement. This percentage is capped by law so that the majority of your compensation is protected.

What’s more, under a No Win No Fee agreement, you don’t have to pay any upfront or ongoing solicitor fees. 

So, get in touch.

More Information On Claiming Data Breach Compensation

We’ve included some helpful links that may be of use to you.

  1. Our article on data breach claims caused by human error.
  2. How to claim in instances of data breaches caused by the loss or theft of a device.
  3. Another of our articles on data breach compensation.
  4. How to claim for a failure to use a blind carbon copy (BCC) when sending an email.
  5. Claims for breach of UK GDPR.
  6. Find out more about how a litigation friend can make a claim on your behalf.
  7. Government information on making a complaint about data protection issues.
  8. Information from the NHS about post-traumatic stress disorder.

We also have some other guides you may find useful:

Thank you for reading our guide on data breach compensation examples.

Article by AI 

Publisher UI